rhsa-2023_4293
Vulnerability from csaf_redhat
Published
2023-07-27 01:13
Modified
2024-09-18 05:01
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.11 security and bug fix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.7.11 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
* golang: html/template: improper sanitization of CSS values (CVE-2023-24539)
* golang-github-gin-gonic-gin: Improper Input Validation (CVE-2023-26125)
* golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)
* golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function (CVE-2023-29401)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.7.11 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)\n\n* golang: html/template: improper sanitization of CSS values (CVE-2023-24539)\n\n* golang-github-gin-gonic-gin: Improper Input Validation (CVE-2023-26125)\n\n* golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)\n\n* golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function (CVE-2023-29401)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4293",
"url": "https://access.redhat.com/errata/RHSA-2023:4293"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2178358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178358"
},
{
"category": "external",
"summary": "2196026",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196026"
},
{
"category": "external",
"summary": "2196029",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196029"
},
{
"category": "external",
"summary": "2203769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203769"
},
{
"category": "external",
"summary": "2216957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216957"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_4293.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.11 security and bug fix update",
"tracking": {
"current_release_date": "2024-09-18T05:01:45+00:00",
"generator": {
"date": "2024-09-18T05:01:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:4293",
"initial_release_date": "2023-07-27T01:13:57+00:00",
"revision_history": [
{
"date": "2023-07-27T01:13:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-07-27T01:13:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-18T05:01:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.7",
"product": {
"name": "8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.11-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"product": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.11-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.11-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.11-1"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.11-1"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"product": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.11-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"product": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.11-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.11-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.11-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.11-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.11-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.11-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.11-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.11-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.11-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.11-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.11-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64"
},
"product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64"
},
"product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64"
},
"product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Philippe Antoine"
],
"organization": "Catena Cyber"
}
],
"cve": "CVE-2022-41723",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178358"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within OpenShift Container Platform, the maximum impact of this vulnerability is a denial of service against an individual container so the impact could not cascade across the entire infrastructure, this vulnerability is rated Moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41723"
},
{
"category": "external",
"summary": "RHBZ#2178358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178358"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h",
"url": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h"
},
{
"category": "external",
"summary": "https://go.dev/cl/468135",
"url": "https://go.dev/cl/468135"
},
{
"category": "external",
"summary": "https://go.dev/cl/468295",
"url": "https://go.dev/cl/468295"
},
{
"category": "external",
"summary": "https://go.dev/issue/57855",
"url": "https://go.dev/issue/57855"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1571",
"url": "https://pkg.go.dev/vuln/GO-2023-1571"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-1571.json",
"url": "https://vuln.go.dev/ID/GO-2023-1571.json"
}
],
"release_date": "2023-02-17T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4293"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding"
},
{
"acknowledgments": [
{
"names": [
"Juho Nurminen"
],
"organization": "Mattermost"
}
],
"cve": "CVE-2023-24539",
"cwe": {
"id": "CWE-176",
"name": "Improper Handling of Unicode Encoding"
},
"discovery_date": "2023-05-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196026"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a \u0027/\u0027 character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper sanitization of CSS values",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, not in the actual code. Thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users only, therefore, the impact is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24539"
},
{
"category": "external",
"summary": "RHBZ#2196026",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196026"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24539"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/59720",
"url": "https://github.com/golang/go/issues/59720"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
"url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
}
],
"release_date": "2023-04-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4293"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper sanitization of CSS values"
},
{
"cve": "CVE-2023-26125",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-05-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2203769"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Gin-Gonic Gin. This flaw allows a remote attacker to bypass security restrictions caused by improper input validation. An attacker can perform cache poisoning attacks by sending a specially-crafted request using the X-Forwarded-Prefix header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-github-gin-gonic-gin: Improper Input Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26125"
},
{
"category": "external",
"summary": "RHBZ#2203769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203769"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26125",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26125"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26125",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26125"
},
{
"category": "external",
"summary": "https://www.postgresql.org/support/security/CVE-2023-2454/",
"url": "https://www.postgresql.org/support/security/CVE-2023-2454/"
}
],
"release_date": "2023-05-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4293"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-github-gin-gonic-gin: Improper Input Validation"
},
{
"acknowledgments": [
{
"names": [
"Juho Nurminen"
],
"organization": "Mattermost"
}
],
"cve": "CVE-2023-29400",
"cwe": {
"id": "CWE-176",
"name": "Improper Handling of Unicode Encoding"
},
"discovery_date": "2023-05-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196029"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of empty HTML attributes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, not in the actual code. Thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn OpenShift Container Platform and Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected containers are behind OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users, reducing the impact to low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29400"
},
{
"category": "external",
"summary": "RHBZ#2196029",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196029"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29400",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29400"
},
{
"category": "external",
"summary": "https://go.dev/issue/59722",
"url": "https://go.dev/issue/59722"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
"url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
}
],
"release_date": "2023-04-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4293"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of empty HTML attributes"
},
{
"cve": "CVE-2023-29401",
"cwe": {
"id": "CWE-494",
"name": "Download of Code Without Integrity Check"
},
"discovery_date": "2023-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2216957"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Gin-Gonic Gin Web Framework. Affected versions of this package could allow a remote attacker to bypass security restrictions caused by improper input validation by the filename parameter of the Context.FileAttachment function. An attacker can modify the Content-Disposition header by using a specially-crafted attachment file name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:12a30ae012584c98d88bbf5b592c446ef01c99613d2ead6428a7c300379f7bb7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:d5e4fbece3335736271fd3c397a47b56f486a6bff74828ae3caa1bad71479ea9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:9bb77c878246943764eadc901a3be355b2e209cad4a847fd991edde8f892def8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:b494d414adaa0f840e5f73fb46a18d8782ce27993f357d0d76f97b0a0869fbdf_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:faa6da69f2c290a593b2a2be7090d6a5f56ea15de6ed1096e4af2b71311d5160_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:e49cdb8a5591edc90a4e2e590848aeca3917c35bd736b442c87dca056526eb9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:952df168a2a223fc4cb611631ca308633e792d31b20ddeede8ca7be81f875203_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:3698e0abf4745cb21de11f7dd0ca820e18412ba120443f5b1e1fb47ea6f1ab56_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:a9f2b722cac0640c9369652362fb23f36cf871d14f272d5e09ea441992ef44f2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:9e2c212ac1bf3ee88a71dcd7ee8982277c79d0591f804f1fe74e2d2556e6ac39_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:ed877c9443049533ac997f416275d243886686e541fcecc577f24fa67457e82e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:8c364d88218f882fa2d681af9e380eb9d985adb177e3399e449d09edf0905e51_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:5f99efaa36d71c97e9efba6dbd75484726df26c096de53abe9c10bec0d830162_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:e4d53ac8ae53d83e3796d910cfa2bf0343fddc1363a4c37c93c7027b8148e3c4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:fa11c3717b862d9da0dfa9fb4f4c9d30af55f893ab0573775d1dc19f93352e8e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:a160bac588b1e86544fe73fa2aef24c26f0e7d491200edf8c4508cfcecb18b9d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29401"
},
{
"category": "external",
"summary": "RHBZ#2216957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216957"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29401"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29401",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29401"
}
],
"release_date": "2023-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4293"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:4acee31f69a7073ff74e57a7951a0a6e82d97599fce50ac4efe085fd213910af_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function"
}
]
}
Loading...