csaf_redhat - rhsa-2023

rhsa-2023_5447

Vulnerability from csaf_redhat

Published

2023-10-05 01:03

Modified

2024-11-24 20:49

Summary

Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update

Notes

Topic

The Migration Toolkit for Containers (MTC) 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es): * word-wrap: ReDoS (CVE-2023-26115) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * MTC version is not displayed correctly in the UI (BZ#2233026) * Indirect migration is stuck on backup stage (BZ#2233097) * Migrated application unable to pull image from internal registry on target cluster (BZ#2233103) * PodVolumeRestore remain In Progress keeping the migration stuck at Stage Restore (BZ#2233868) * Migration failing on Azure due to authorization issue (BZ#2238974)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The Migration Toolkit for Containers (MTC) 1.8.0 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* word-wrap: ReDoS (CVE-2023-26115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* MTC version is not displayed correctly in the UI (BZ#2233026)\n\n* Indirect migration is stuck on backup stage (BZ#2233097)\n\n* Migrated application unable to pull image from internal registry on target cluster (BZ#2233103)\n\n* PodVolumeRestore remain In Progress keeping the migration stuck at Stage Restore (BZ#2233868)\n\n* Migration failing on Azure due to authorization issue (BZ#2238974)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:5447",
        "url": "https://access.redhat.com/errata/RHSA-2023:5447"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2216827",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216827"
      },
      {
        "category": "external",
        "summary": "2233026",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233026"
      },
      {
        "category": "external",
        "summary": "2233097",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233097"
      },
      {
        "category": "external",
        "summary": "2233103",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233103"
      },
      {
        "category": "external",
        "summary": "2233868",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233868"
      },
      {
        "category": "external",
        "summary": "2238974",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238974"
      },
      {
        "category": "external",
        "summary": "MIG-1331",
        "url": "https://issues.redhat.com/browse/MIG-1331"
      },
      {
        "category": "external",
        "summary": "MIG-1363",
        "url": "https://issues.redhat.com/browse/MIG-1363"
      },
      {
        "category": "external",
        "summary": "MIG-1411",
        "url": "https://issues.redhat.com/browse/MIG-1411"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5447.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-24T20:49:37+00:00",
      "generator": {
        "date": "2024-11-24T20:49:37+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2023:5447",
      "initial_release_date": "2023-10-05T01:03:01+00:00",
      "revision_history": [
        {
          "date": "2023-10-05T01:03:01+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-10-05T01:03:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-24T20:49:37+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-RHMTC-1.8",
                "product": {
                  "name": "8Base-RHMTC-1.8",
                  "product_id": "8Base-RHMTC-1.8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhmt:1.8::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Migration Toolkit"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64",
                  "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.8.0-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64",
                  "product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.8.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64",
                  "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.8.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64",
                  "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.8.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64",
                  "product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.8.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64",
                  "product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.8.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64",
                  "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.8.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64",
                  "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.8.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64",
                  "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.8.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64",
                  "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.8.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8\u0026tag=v1.8.0-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64 as a component of 8Base-RHMTC-1.8",
          "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26115",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-06-22T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64",
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2216827"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "word-wrap: ReDoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747_amd64",
          "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26115"
        },
        {
          "category": "external",
          "summary": "RHBZ#2216827",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216827"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26115",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26115",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26115"
        }
      ],
      "release_date": "2023-06-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-05T01:03:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5447"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "word-wrap: ReDoS"
    }
  ]
}

cve-2023-26115

Vulnerability from cvelistv5

Published

2023-06-22 05:00

Modified

2024-08-02 11:39

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

Summary

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.

References

▼	URL	Tags
	https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973
	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657
	https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39
	https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

▼	Vendor	Product
	n/a	word-wrap
	n/a	org.webjars.npm:word-wrap

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-26115",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T19:10:49.434426Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T19:11:06.508Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:39:06.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "word-wrap",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "org.webjars.npm:word-wrap",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Carter Snook"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.\r\r"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "Regular Expression Denial of Service (ReDoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-22T05:00:01.472Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657"
        },
        {
          "url": "https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39"
        },
        {
          "url": "https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2023-26115",
    "datePublished": "2023-06-22T05:00:01.472Z",
    "dateReserved": "2023-02-20T10:28:48.922Z",
    "dateUpdated": "2024-08-02T11:39:06.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted