rhsa-2023_5447
Vulnerability from csaf_redhat
Published: 2023-10-05 01:03
Modified: 2024-11-06 03:46
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update

Notes

Topic
The Migration Toolkit for Containers (MTC) 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Security Fix(es):

* word-wrap: ReDoS (CVE-2023-26115)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* MTC version is not displayed correctly in the UI (BZ#2233026)
* Indirect migration is stuck on backup stage (BZ#2233097)
* Migrated application unable to pull image from internal registry on target cluster (BZ#2233103)
* PodVolumeRestore remain In Progress keeping the migration stuck at Stage Restore (BZ#2233868)
* Migration failing on Azure due to authorization issue (BZ#2238974)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The Migration Toolkit for Containers (MTC) 1.8.0 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* word-wrap: ReDoS (CVE-2023-26115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* MTC version is not displayed correctly in the UI (BZ#2233026)\n\n* Indirect migration is stuck on backup stage (BZ#2233097)\n\n* Migrated application unable to pull image from internal registry on target cluster (BZ#2233103)\n\n* PodVolumeRestore remain In Progress keeping the migration stuck at Stage Restore (BZ#2233868)\n\n* Migration failing on Azure due to authorization issue (BZ#2238974)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:5447",
        "url": "https://access.redhat.com/errata/RHSA-2023:5447"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2216827",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216827"
      },
      {
        "category": "external",
        "summary": "2233026",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233026"
      },
      {
        "category": "external",
        "summary": "2233097",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233097"
      },
      {
        "category": "external",
        "summary": "2233103",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233103"
      },
      {
        "category": "external",
        "summary": "2233868",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233868"
      },
      {
        "category": "external",
        "summary": "2238974",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238974"
      },
      {
        "category": "external",
        "summary": "MIG-1331",
        "url": "https://issues.redhat.com/browse/MIG-1331"
      },
      {
        "category": "external",
        "summary": "MIG-1363",
        "url": "https://issues.redhat.com/browse/MIG-1363"
      },
      {
        "category": "external",
        "summary": "MIG-1411",
        "url": "https://issues.redhat.com/browse/MIG-1411"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5447.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-06T03:46:42+00:00",
      "generator": {
        "date": "2024-11-06T03:46:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2023:5447",
      "initial_release_date": "2023-10-05T01:03:01+00:00",
      "revision_history": [
        {
          "date": "2023-10-05T01:03:01+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-10-05T01:03:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-06T03:46:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-RHMTC-1.8",
                "product": {
                  "name": "8Base-RHMTC-1.8",
                  "product_id": "8Base-RHMTC-1.8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhmt:1.8::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Migration Toolkit"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64",
                  "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.8.0-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64",
                  "product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.8.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64",
                  "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.8.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64",
                  "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.8.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64",
                  "product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.8.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64",
                  "product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.8.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64",
                  "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.8.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64",
                  "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.8.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64",
                  "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.8.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64",
                  "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.8.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8\u0026tag=v1.8.0-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26115",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-06-22T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2216827"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "word-wrap: ReDoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26115"
        },
        {
          "category": "external",
          "summary": "RHBZ#2216827",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216827"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26115",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26115",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26115"
        }
      ],
      "release_date": "2023-06-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-05T01:03:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5447"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "word-wrap: ReDoS"
    }
  ]
}

