rhsa-2023_3943
Vulnerability from csaf_redhat
Published
2023-06-29 14:32
Modified
2024-11-06 03:16
Summary
Red Hat Security Advisory: ACS 4.1 enhancement and security update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The release of ACS 4.1 provides these changes:
Security Fix(es):
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
* golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)
* golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)
* golang: go/parser: Infinite loop in parsing (CVE-2023-24537)
* golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
New features:
* Manual renewal of Central and Sensor certificates
* Vulnerability Management 2.0 (Technology Preview)
* RHACS Cloud Service scanning support for images pulled from on-premise registries
* eBPF collection method on IBM Z and IBM® LinuxONE
* Ability to configure the display of default compliance standards in the Compliance Dashboard
* Declarative configurations for authentication and authorization
* SSO configuration using the roxctl CLI
* New collection method based on BPF CO-RE (Technology Preview)
* Network graph updates
* Policy Management simplification
* New permission sets
* Improvements for Sensor resync (General Availability)
For notable technical changes, deprecated and removed features, bug fixes, and known issues, refer to the Release Notes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The release of ACS 4.1 provides these changes:\n\nSecurity Fix(es):\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)\n\n* golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)\n\n* golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)\n\n* golang: go/parser: Infinite loop in parsing (CVE-2023-24537)\n\n* golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nNew features:\n\n* Manual renewal of Central and Sensor certificates\n\n* Vulnerability Management 2.0 (Technology Preview)\n\n* RHACS Cloud Service scanning support for images pulled from on-premise registries\n\n* eBPF collection method on IBM Z and IBM\u00ae LinuxONE\n\n* Ability to configure the display of default compliance standards in the Compliance Dashboard\n\n* Declarative configurations for authentication and authorization\n\n* SSO configuration using the roxctl CLI\n\n* New collection method based on BPF CO-RE (Technology Preview)\n\n* Network graph updates\n\n* Policy Management simplification\n\n* New permission sets\n\n* Improvements for Sensor resync (General Availability)\n\nFor notable technical changes, deprecated and removed features, bug fixes, and known issues, refer to the Release Notes.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:3943", "url": "https://access.redhat.com/errata/RHSA-2023:3943" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://docs.openshift.com/acs/4.1/release_notes/41-release-notes.html", "url": "https://docs.openshift.com/acs/4.1/release_notes/41-release-notes.html" }, { "category": "external", "summary": "2064702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702" }, { "category": "external", "summary": "2178358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178358" }, { "category": "external", "summary": "2184481", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184481" }, { "category": "external", "summary": "2184482", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184482" }, { "category": "external", "summary": "2184483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184483" }, { "category": "external", "summary": "2184484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184484" }, { "category": "external", "summary": "ROX-18018", "url": "https://issues.redhat.com/browse/ROX-18018" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3943.json" } ], "title": "Red Hat Security Advisory: ACS 4.1 enhancement and security update", "tracking": { "current_release_date": "2024-11-06T03:16:01+00:00", "generator": { "date": "2024-11-06T03:16:01+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:3943", "initial_release_date": "2023-06-29T14:32:26+00:00", "revision_history": [ { "date": "2023-06-29T14:32:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-06-29T14:32:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T03:16:01+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHACS 4.1 for RHEL 8", "product": { "name": "RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8" } } } ], "category": "product_family", "name": "Red Hat Advanced Cluster Security for Kubernetes" }, { "branches": [ { "category": "product_version", "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "product": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.1.0-8" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "product": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.1.0-11" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "product": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.1.0-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "product": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.1.0-13" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "product": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.1.0-14" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.1.0-10" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "product": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.1.0-9" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.1.0-10" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.1.0-10" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.1.0-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.1.0-10" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.1.0-8" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.1.0-11" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.1.0-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le", "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.1.0-13" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.1.0-14" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.1.0-10" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.1.0-9" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.1.0-10" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.1.0-10" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.1.0-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.1.0-10" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "product": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.1.0-8" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "product": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.1.0-11" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "product": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.1.0-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "product": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.1.0-13" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "product": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.1.0-14" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.1.0-10" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "product": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.1.0-9" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.1.0-10" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.1.0-10" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.1.0-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.1.0-10" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64 as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64" }, "product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x" }, "product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64 as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64 as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64 as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64 as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64 as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64 as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64" }, "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x" }, "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64 as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64 as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64 as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "relates_to_product_reference": "8Base-RHACS-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64 as a component of RHACS 4.1 for RHEL 8", "product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64", "relates_to_product_reference": "8Base-RHACS-4.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-27191", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064702" } ], "notes": [ { "category": "description", "text": "A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crash in a golang.org/x/crypto/ssh server", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the vulnerable golang.org/x/crypto/ssh package is bundled in many components. The affected code is in the SSH server portion that is not used, hence the impact by this vulnerability is reduced. Additionally the OCP installer components, that also bundle vulnerable golang.org/x/crypto/ssh package, are used only during the cluster installation process, hence for already deployed and running OCP clusters the installer components are considered as affected by this vulnerability but not impacted.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" ], "known_not_affected": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-27191" }, { "category": "external", "summary": "RHBZ#2064702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27191", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27191" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ", "url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-29T14:32:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3943" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crash in a golang.org/x/crypto/ssh server" }, { "acknowledgments": [ { "names": [ "Philippe Antoine" ], "organization": "Catena Cyber" } ], "cve": "CVE-2022-41723", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2178358" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", "title": "Vulnerability summary" }, { "category": "other", "text": "Within OpenShift Container Platform, the maximum impact of this vulnerability is a denial of service against an individual container so the impact could not cascade across the entire infrastructure, this vulnerability is rated Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le" ], "known_not_affected": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41723" }, { "category": "external", "summary": "RHBZ#2178358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178358" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41723", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", "url": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h" }, { "category": "external", "summary": "https://go.dev/cl/468135", "url": "https://go.dev/cl/468135" }, { "category": "external", "summary": "https://go.dev/cl/468295", "url": "https://go.dev/cl/468295" }, { "category": "external", "summary": "https://go.dev/issue/57855", "url": "https://go.dev/issue/57855" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-1571", "url": "https://pkg.go.dev/vuln/GO-2023-1571" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2023-1571.json", "url": "https://vuln.go.dev/ID/GO-2023-1571.json" } ], "release_date": "2023-02-17T14:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-29T14:32:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3943" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding" }, { "cve": "CVE-2023-24534", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-04-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2184483" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, net/textproto: denial of service from excessive memory allocation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" ], "known_not_affected": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24534" }, { "category": "external", "summary": "RHBZ#2184483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184483" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24534", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24534" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24534", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24534" }, { "category": "external", "summary": "https://go.dev/issue/58975", "url": "https://go.dev/issue/58975" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8" } ], "release_date": "2023-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-29T14:32:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3943" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http, net/textproto: denial of service from excessive memory allocation" }, { "cve": "CVE-2023-24536", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-04-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2184482" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption", "title": "Vulnerability summary" }, { "category": "other", "text": "For Red Hat Enterprise Linux,\n\n* Conmon uses Go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not-affected.\n* The CVE refers to multipart form parsing routine mime/multipart.Reader.ReadForm, which is not used in Grafana, hence it is not-affected.\n* Butane does not parse multipart forms, hence, it is also not-affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" ], "known_not_affected": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24536" }, { "category": "external", "summary": "RHBZ#2184482", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184482" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24536", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24536" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24536", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24536" }, { "category": "external", "summary": "https://go.dev/issue/59153", "url": "https://go.dev/issue/59153" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8" } ], "release_date": "2023-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-29T14:32:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3943" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption" }, { "cve": "CVE-2023-24537", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2023-04-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2184484" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: go/parser: Infinite loop in parsing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" ], "known_not_affected": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24537" }, { "category": "external", "summary": "RHBZ#2184484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184484" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24537", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24537" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24537", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24537" }, { "category": "external", "summary": "https://github.com/golang/go/issues/59180", "url": "https://github.com/golang/go/issues/59180" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8" } ], "release_date": "2023-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-29T14:32:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3943" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: go/parser: Infinite loop in parsing" }, { "cve": "CVE-2023-24538", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2023-04-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2184481" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: html/template: backticks not treated as string delimiters", "title": "Vulnerability summary" }, { "category": "other", "text": "The described issue involving Go templates and JavaScript template literals poses a moderate severity rather than an important one due to several mitigating factors. Firstly, the vulnerability requires specific conditions to be met: the presence of Go templates within JavaScript template literals. This limits the scope of affected codebases, reducing the likelihood of exploitation. Additionally, the decision to disallow such interactions in future releases of Go indicates a proactive approach to addressing the issue. Furthermore, the affected packages or components within Red Hat Enterprise Linux, such as Conmon, Grafana, and the RHC package, have been assessed and determined not to be impacted due to their specific usage patterns. So the limited scope of affected systems and the absence of exploitation vectors in specific components within Red Hat Enterprise Linux contribute to categorizing the severity of the issue as moderate.\n\nFor Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* The rhc package do not make use of html/template. Hence, it is also not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" ], "known_not_affected": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24538" }, { "category": "external", "summary": "RHBZ#2184481", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184481" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24538", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24538" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538" }, { "category": "external", "summary": "https://github.com/golang/go/issues/59234", "url": "https://github.com/golang/go/issues/59234" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8" } ], "release_date": "2023-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-29T14:32:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3943" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:38ab36e0243b00b1cace2970c8f5588b21dfd0330d25d4ed703823f7f4bf3b52_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:aa41f9e3f9a85fbae062aee5939f091b0b598aa0aa4c3771681fd356a6a5de18_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:b671657f95b1bcbaf1a445e3387e10367804c0d7493cb622d7057b31c1e0c28b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:4d3d6c7000e3ea08d226aab83a57dfe6fa2da97b8d685d3b0c4ec5b5f1f5c462_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6c84697eccfaf089e43bcbef2fa9a2a789b8c5d5bc065d16a0c8e5542891a5b1_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9b0c513eb212ca750612c4f272e694dcb8c45561edafaa1c24b993e561399c3b_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:8691b2e8129e6b872530cd15f025a0e91824defb32f828907596e055f40cb1f6_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:eebfa0e319e1d78c403da776182bb00bf0f7367f4454749d414ff5ad75c4469c_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b013aabfb65b28c421ad3327a80a4c724a552e8f814311c16c7555f576b39393_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:d956e88f9a36628eeaf2cb5b299ac42016efa84d3bc14c77308b15afc1e90744_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9b0e2af7848795f02e0b6fe75990810b93f0bd684d908c8f6309069fd876bd83_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3e51c4ac5ca73a90557824e65408ae5fe70e23bb67ed035f54e92af34e9f0e24_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b9eefd01c7b20196c13b474d2dba3cc6ba2d3884da8614702538dd007c937f89_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:3566bc3cd7e1b8a1e23c965add5d037de5ec336e680fb7a241665a52bbd60211_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2b95e98c75a4c78669c0720e03e6dddf6c3207a8af2f0265414313c4b0011ad_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0bb05a07414e63cfa925adb1a19bdaf63da53fb54f3d98a21ecb4c4f4f87311d_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a0c938f258ab6dc24a77e9d0773352f9f952f2c72304c5aff9e4de14729c44a_ppc64le", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:a255b9ceffb7103ed9cfc2364ce8ea638e162b39ac38e36c2c2ac3663c4918db_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ba1fe0f2333284e37a030f0ba9a2389837e552829cf579e0894b4dad2f011bce_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64", "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: html/template: backticks not treated as string delimiters" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.