rhsa-2023_4289
Vulnerability from csaf_redhat
Published
2023-07-27 00:53
Modified
2024-09-16 19:22
Summary
Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.11 security and bug fix update
Notes
Topic
OpenShift API for Data Protection (OADP) 1.0.11 is now available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.
Security Fix(es) from Bugzilla:
* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "OpenShift API for Data Protection (OADP) 1.0.11 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4289",
"url": "https://access.redhat.com/errata/RHSA-2023:4289"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2196027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027"
},
{
"category": "external",
"summary": "OADP-1504",
"url": "https://issues.redhat.com/browse/OADP-1504"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_4289.json"
}
],
"title": "Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.11 security and bug fix update",
"tracking": {
"current_release_date": "2024-09-16T19:22:46+00:00",
"generator": {
"date": "2024-09-16T19:22:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:4289",
"initial_release_date": "2023-07-27T00:53:26+00:00",
"revision_history": [
{
"date": "2023-07-27T00:53:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-07-27T00:53:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T19:22:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-OADP-1.0",
"product": {
"name": "8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_api_data_protection:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift API for Data Protection"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b391390d15088e8afd3297e0dbc1ca6ab6e54ff6a61c7e28b2fe7f8f6777c651_amd64",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b391390d15088e8afd3297e0dbc1ca6ab6e54ff6a61c7e28b2fe7f8f6777c651_amd64",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b391390d15088e8afd3297e0dbc1ca6ab6e54ff6a61c7e28b2fe7f8f6777c651_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:b391390d15088e8afd3297e0dbc1ca6ab6e54ff6a61c7e28b2fe7f8f6777c651?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.0.11-2"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel8@sha256:d178bbef0c7e2bea002ec1a0b294472f42c7c5c9642d174492baa2770ce6527f_amd64",
"product": {
"name": "oadp/oadp-mustgather-rhel8@sha256:d178bbef0c7e2bea002ec1a0b294472f42c7c5c9642d174492baa2770ce6527f_amd64",
"product_id": "oadp/oadp-mustgather-rhel8@sha256:d178bbef0c7e2bea002ec1a0b294472f42c7c5c9642d174492baa2770ce6527f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel8@sha256:d178bbef0c7e2bea002ec1a0b294472f42c7c5c9642d174492baa2770ce6527f?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.0.11-2"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:7ac193a2157e5519f5a5e6908d7378a6c231bc4221b350f9ecd908f86866edf8_amd64",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:7ac193a2157e5519f5a5e6908d7378a6c231bc4221b350f9ecd908f86866edf8_amd64",
"product_id": "oadp/oadp-operator-bundle@sha256:7ac193a2157e5519f5a5e6908d7378a6c231bc4221b350f9ecd908f86866edf8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:7ac193a2157e5519f5a5e6908d7378a6c231bc4221b350f9ecd908f86866edf8?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.0.11-2"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel8-operator@sha256:c93d727f3244175c409e7e23301152519a4ac4a6cdfba8107b99f622f0a394de_amd64",
"product": {
"name": "oadp/oadp-rhel8-operator@sha256:c93d727f3244175c409e7e23301152519a4ac4a6cdfba8107b99f622f0a394de_amd64",
"product_id": "oadp/oadp-rhel8-operator@sha256:c93d727f3244175c409e7e23301152519a4ac4a6cdfba8107b99f622f0a394de_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel8-operator@sha256:c93d727f3244175c409e7e23301152519a4ac4a6cdfba8107b99f622f0a394de?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.0.11-2"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-registry-rhel8@sha256:b6885b85a1220887c6f0640cf2c95a82f190d3f5939a66b582259c57e60d0bbd_amd64",
"product": {
"name": "oadp/oadp-registry-rhel8@sha256:b6885b85a1220887c6f0640cf2c95a82f190d3f5939a66b582259c57e60d0bbd_amd64",
"product_id": "oadp/oadp-registry-rhel8@sha256:b6885b85a1220887c6f0640cf2c95a82f190d3f5939a66b582259c57e60d0bbd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-registry-rhel8@sha256:b6885b85a1220887c6f0640cf2c95a82f190d3f5939a66b582259c57e60d0bbd?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-registry-rhel8\u0026tag=1.0.11-2"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel8@sha256:a0f5d406010ba1161572c009e9d3dd62b36124bf57cbc29edff39ac57f1035bb_amd64",
"product": {
"name": "oadp/oadp-velero-rhel8@sha256:a0f5d406010ba1161572c009e9d3dd62b36124bf57cbc29edff39ac57f1035bb_amd64",
"product_id": "oadp/oadp-velero-rhel8@sha256:a0f5d406010ba1161572c009e9d3dd62b36124bf57cbc29edff39ac57f1035bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel8@sha256:a0f5d406010ba1161572c009e9d3dd62b36124bf57cbc29edff39ac57f1035bb?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.0.11-2"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel8@sha256:95bc2c1e9419a8c05bff13d05cb21d84ec69c22c15ed3c52484e5e9a17c291e9_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:95bc2c1e9419a8c05bff13d05cb21d84ec69c22c15ed3c52484e5e9a17c291e9_amd64",
"product_id": "oadp/oadp-velero-plugin-rhel8@sha256:95bc2c1e9419a8c05bff13d05cb21d84ec69c22c15ed3c52484e5e9a17c291e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:95bc2c1e9419a8c05bff13d05cb21d84ec69c22c15ed3c52484e5e9a17c291e9?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.0.11-2"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a2bfb3a1bc7e6788f758af6e7f88b9c07426a4509f9ba329f7adc3a749703995_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a2bfb3a1bc7e6788f758af6e7f88b9c07426a4509f9ba329f7adc3a749703995_amd64",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a2bfb3a1bc7e6788f758af6e7f88b9c07426a4509f9ba329f7adc3a749703995_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:a2bfb3a1bc7e6788f758af6e7f88b9c07426a4509f9ba329f7adc3a749703995?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.0.11-2"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:dc97222cbf83ce3e372921303e5ee711eea13fa76b36c8f0ba78200a657fe03a_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:dc97222cbf83ce3e372921303e5ee711eea13fa76b36c8f0ba78200a657fe03a_amd64",
"product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:dc97222cbf83ce3e372921303e5ee711eea13fa76b36c8f0ba78200a657fe03a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:dc97222cbf83ce3e372921303e5ee711eea13fa76b36c8f0ba78200a657fe03a?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.0.11-2"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:34c535174f0c67b85343d2dedc698c4909d212581bccf4004583916d65c079a0_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:34c535174f0c67b85343d2dedc698c4909d212581bccf4004583916d65c079a0_amd64",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:34c535174f0c67b85343d2dedc698c4909d212581bccf4004583916d65c079a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:34c535174f0c67b85343d2dedc698c4909d212581bccf4004583916d65c079a0?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.0.11-2"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:8b8ff5365ce8bcc94719fd4c84087140456e035ef5390fe327df90d8a527760d_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:8b8ff5365ce8bcc94719fd4c84087140456e035ef5390fe327df90d8a527760d_amd64",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:8b8ff5365ce8bcc94719fd4c84087140456e035ef5390fe327df90d8a527760d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:8b8ff5365ce8bcc94719fd4c84087140456e035ef5390fe327df90d8a527760d?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.0.11-2"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:01f0f6be391bdb11e9cb19c00540ab305a758dae68e45ca0f045afb801748485_amd64",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:01f0f6be391bdb11e9cb19c00540ab305a758dae68e45ca0f045afb801748485_amd64",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:01f0f6be391bdb11e9cb19c00540ab305a758dae68e45ca0f045afb801748485_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:01f0f6be391bdb11e9cb19c00540ab305a758dae68e45ca0f045afb801748485?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.0.11-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b391390d15088e8afd3297e0dbc1ca6ab6e54ff6a61c7e28b2fe7f8f6777c651_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b391390d15088e8afd3297e0dbc1ca6ab6e54ff6a61c7e28b2fe7f8f6777c651_amd64"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b391390d15088e8afd3297e0dbc1ca6ab6e54ff6a61c7e28b2fe7f8f6777c651_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel8@sha256:d178bbef0c7e2bea002ec1a0b294472f42c7c5c9642d174492baa2770ce6527f_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:d178bbef0c7e2bea002ec1a0b294472f42c7c5c9642d174492baa2770ce6527f_amd64"
},
"product_reference": "oadp/oadp-mustgather-rhel8@sha256:d178bbef0c7e2bea002ec1a0b294472f42c7c5c9642d174492baa2770ce6527f_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:7ac193a2157e5519f5a5e6908d7378a6c231bc4221b350f9ecd908f86866edf8_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:7ac193a2157e5519f5a5e6908d7378a6c231bc4221b350f9ecd908f86866edf8_amd64"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:7ac193a2157e5519f5a5e6908d7378a6c231bc4221b350f9ecd908f86866edf8_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-registry-rhel8@sha256:b6885b85a1220887c6f0640cf2c95a82f190d3f5939a66b582259c57e60d0bbd_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:b6885b85a1220887c6f0640cf2c95a82f190d3f5939a66b582259c57e60d0bbd_amd64"
},
"product_reference": "oadp/oadp-registry-rhel8@sha256:b6885b85a1220887c6f0640cf2c95a82f190d3f5939a66b582259c57e60d0bbd_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel8-operator@sha256:c93d727f3244175c409e7e23301152519a4ac4a6cdfba8107b99f622f0a394de_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c93d727f3244175c409e7e23301152519a4ac4a6cdfba8107b99f622f0a394de_amd64"
},
"product_reference": "oadp/oadp-rhel8-operator@sha256:c93d727f3244175c409e7e23301152519a4ac4a6cdfba8107b99f622f0a394de_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a2bfb3a1bc7e6788f758af6e7f88b9c07426a4509f9ba329f7adc3a749703995_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a2bfb3a1bc7e6788f758af6e7f88b9c07426a4509f9ba329f7adc3a749703995_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a2bfb3a1bc7e6788f758af6e7f88b9c07426a4509f9ba329f7adc3a749703995_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:dc97222cbf83ce3e372921303e5ee711eea13fa76b36c8f0ba78200a657fe03a_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:dc97222cbf83ce3e372921303e5ee711eea13fa76b36c8f0ba78200a657fe03a_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:dc97222cbf83ce3e372921303e5ee711eea13fa76b36c8f0ba78200a657fe03a_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:34c535174f0c67b85343d2dedc698c4909d212581bccf4004583916d65c079a0_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:34c535174f0c67b85343d2dedc698c4909d212581bccf4004583916d65c079a0_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:34c535174f0c67b85343d2dedc698c4909d212581bccf4004583916d65c079a0_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:8b8ff5365ce8bcc94719fd4c84087140456e035ef5390fe327df90d8a527760d_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:8b8ff5365ce8bcc94719fd4c84087140456e035ef5390fe327df90d8a527760d_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:8b8ff5365ce8bcc94719fd4c84087140456e035ef5390fe327df90d8a527760d_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:95bc2c1e9419a8c05bff13d05cb21d84ec69c22c15ed3c52484e5e9a17c291e9_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:95bc2c1e9419a8c05bff13d05cb21d84ec69c22c15ed3c52484e5e9a17c291e9_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:95bc2c1e9419a8c05bff13d05cb21d84ec69c22c15ed3c52484e5e9a17c291e9_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:01f0f6be391bdb11e9cb19c00540ab305a758dae68e45ca0f045afb801748485_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:01f0f6be391bdb11e9cb19c00540ab305a758dae68e45ca0f045afb801748485_amd64"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:01f0f6be391bdb11e9cb19c00540ab305a758dae68e45ca0f045afb801748485_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel8@sha256:a0f5d406010ba1161572c009e9d3dd62b36124bf57cbc29edff39ac57f1035bb_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:a0f5d406010ba1161572c009e9d3dd62b36124bf57cbc29edff39ac57f1035bb_amd64"
},
"product_reference": "oadp/oadp-velero-rhel8@sha256:a0f5d406010ba1161572c009e9d3dd62b36124bf57cbc29edff39ac57f1035bb_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Juho Nurminen"
],
"organization": "Mattermost"
}
],
"cve": "CVE-2023-24540",
"cwe": {
"id": "CWE-176",
"name": "Improper Handling of Unicode Encoding"
},
"discovery_date": "2023-05-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b391390d15088e8afd3297e0dbc1ca6ab6e54ff6a61c7e28b2fe7f8f6777c651_amd64",
"8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:d178bbef0c7e2bea002ec1a0b294472f42c7c5c9642d174492baa2770ce6527f_amd64",
"8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:7ac193a2157e5519f5a5e6908d7378a6c231bc4221b350f9ecd908f86866edf8_amd64",
"8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:b6885b85a1220887c6f0640cf2c95a82f190d3f5939a66b582259c57e60d0bbd_amd64",
"8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c93d727f3244175c409e7e23301152519a4ac4a6cdfba8107b99f622f0a394de_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a2bfb3a1bc7e6788f758af6e7f88b9c07426a4509f9ba329f7adc3a749703995_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:dc97222cbf83ce3e372921303e5ee711eea13fa76b36c8f0ba78200a657fe03a_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:34c535174f0c67b85343d2dedc698c4909d212581bccf4004583916d65c079a0_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:8b8ff5365ce8bcc94719fd4c84087140456e035ef5390fe327df90d8a527760d_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:95bc2c1e9419a8c05bff13d05cb21d84ec69c22c15ed3c52484e5e9a17c291e9_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:01f0f6be391bdb11e9cb19c00540ab305a758dae68e45ca0f045afb801748485_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196027"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of JavaScript whitespace",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Enterprise Linux,\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users only, therefore the impact is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:a0f5d406010ba1161572c009e9d3dd62b36124bf57cbc29edff39ac57f1035bb_amd64"
],
"known_not_affected": [
"8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b391390d15088e8afd3297e0dbc1ca6ab6e54ff6a61c7e28b2fe7f8f6777c651_amd64",
"8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:d178bbef0c7e2bea002ec1a0b294472f42c7c5c9642d174492baa2770ce6527f_amd64",
"8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:7ac193a2157e5519f5a5e6908d7378a6c231bc4221b350f9ecd908f86866edf8_amd64",
"8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:b6885b85a1220887c6f0640cf2c95a82f190d3f5939a66b582259c57e60d0bbd_amd64",
"8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c93d727f3244175c409e7e23301152519a4ac4a6cdfba8107b99f622f0a394de_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a2bfb3a1bc7e6788f758af6e7f88b9c07426a4509f9ba329f7adc3a749703995_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:dc97222cbf83ce3e372921303e5ee711eea13fa76b36c8f0ba78200a657fe03a_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:34c535174f0c67b85343d2dedc698c4909d212581bccf4004583916d65c079a0_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:8b8ff5365ce8bcc94719fd4c84087140456e035ef5390fe327df90d8a527760d_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:95bc2c1e9419a8c05bff13d05cb21d84ec69c22c15ed3c52484e5e9a17c291e9_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:01f0f6be391bdb11e9cb19c00540ab305a758dae68e45ca0f045afb801748485_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24540"
},
{
"category": "external",
"summary": "RHBZ#2196027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540"
},
{
"category": "external",
"summary": "https://go.dev/issue/59721",
"url": "https://go.dev/issue/59721"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
"url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
}
],
"release_date": "2023-04-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:a0f5d406010ba1161572c009e9d3dd62b36124bf57cbc29edff39ac57f1035bb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4289"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b391390d15088e8afd3297e0dbc1ca6ab6e54ff6a61c7e28b2fe7f8f6777c651_amd64",
"8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:d178bbef0c7e2bea002ec1a0b294472f42c7c5c9642d174492baa2770ce6527f_amd64",
"8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:7ac193a2157e5519f5a5e6908d7378a6c231bc4221b350f9ecd908f86866edf8_amd64",
"8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:b6885b85a1220887c6f0640cf2c95a82f190d3f5939a66b582259c57e60d0bbd_amd64",
"8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c93d727f3244175c409e7e23301152519a4ac4a6cdfba8107b99f622f0a394de_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a2bfb3a1bc7e6788f758af6e7f88b9c07426a4509f9ba329f7adc3a749703995_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:dc97222cbf83ce3e372921303e5ee711eea13fa76b36c8f0ba78200a657fe03a_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:34c535174f0c67b85343d2dedc698c4909d212581bccf4004583916d65c079a0_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:8b8ff5365ce8bcc94719fd4c84087140456e035ef5390fe327df90d8a527760d_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:95bc2c1e9419a8c05bff13d05cb21d84ec69c22c15ed3c52484e5e9a17c291e9_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:01f0f6be391bdb11e9cb19c00540ab305a758dae68e45ca0f045afb801748485_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:a0f5d406010ba1161572c009e9d3dd62b36124bf57cbc29edff39ac57f1035bb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:a0f5d406010ba1161572c009e9d3dd62b36124bf57cbc29edff39ac57f1035bb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: html/template: improper handling of JavaScript whitespace"
}
]
}
Loading...