rhsa-2023_7741
Vulnerability from csaf_redhat
Published
2023-12-12 13:55
Modified
2024-12-18 04:58
Summary
Red Hat Security Advisory: Red Hat Ceph Storage 6.1 security, enhancements, and bug fix update
Notes
Topic
Updated container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
This updated container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux.
Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index
All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.", "title": "Topic" }, { "category": "general", "text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.\n\nThis updated container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux.\n\nSpace precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:7741", "url": "https://access.redhat.com/errata/RHSA-2023:7741" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "2181117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181117" }, { "category": "external", "summary": "2186322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186322" }, { "category": "external", "summary": "2210840", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210840" }, { "category": "external", "summary": "2210848", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210848" }, { "category": "external", "summary": "2242803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "category": "external", "summary": "2243296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" }, { "category": "external", "summary": "2254041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254041" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7741.json" } ], "title": "Red Hat Security Advisory: Red Hat Ceph Storage 6.1 security, enhancements, and bug fix update", "tracking": { "current_release_date": "2024-12-18T04:58:32+00:00", "generator": { "date": "2024-12-18T04:58:32+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2023:7741", "initial_release_date": "2023-12-12T13:55:37+00:00", "revision_history": [ { "date": "2023-12-12T13:55:37+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-12-12T13:55:38+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-18T04:58:32+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Ceph Storage 6.1 Tools", "product": { "name": "Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools", "product_identification_helper": { "cpe": "cpe:/a:redhat:ceph_storage:6.1::el9" } } } ], "category": "product_family", "name": "Red Hat Ceph Storage" }, { "branches": [ { "category": "product_version", "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "product": { "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "product_identification_helper": { "purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-82" } } }, { "category": "product_version", "name": "rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "product": { "name": "rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "product_id": "rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "product_identification_helper": { "purl": "pkg:oci/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-4" } } }, { "category": "product_version", "name": "rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "product": { "name": "rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "product_id": "rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "product_identification_helper": { "purl": "pkg:oci/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-12" } } }, { "category": "product_version", "name": "rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "product": { "name": "rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "product_id": "rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "product_identification_helper": { "purl": "pkg:oci/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-263" } } }, { "category": "product_version", "name": "rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "product": { "name": "rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "product_id": "rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "product_identification_helper": { "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-5" } } }, { "category": "product_version", "name": "rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "product": { "name": "rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "product_id": "rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "product_identification_helper": { "purl": "pkg:oci/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-48" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64", "product": { "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64", "product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64", "product_identification_helper": { "purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-82" } } }, { "category": "product_version", "name": "rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "product": { "name": "rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "product_id": "rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "product_identification_helper": { "purl": "pkg:oci/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-4" } } }, { "category": "product_version", "name": "rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "product": { "name": "rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "product_id": "rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "product_identification_helper": { "purl": "pkg:oci/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-12" } } }, { "category": "product_version", "name": "rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "product": { "name": "rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "product_id": "rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "product_identification_helper": { "purl": "pkg:oci/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-263" } } }, { "category": "product_version", "name": "rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "product": { "name": "rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "product_id": "rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "product_identification_helper": { "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-5" } } }, { "category": "product_version", "name": "rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64", "product": { "name": "rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64", "product_id": "rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64", "product_identification_helper": { "purl": "pkg:oci/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-48" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "product": { "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-82" } } }, { "category": "product_version", "name": "rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "product": { "name": "rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "product_id": "rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-4" } } }, { "category": "product_version", "name": "rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "product": { "name": "rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "product_id": "rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-12" } } }, { "category": "product_version", "name": "rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "product": { "name": "rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "product_id": "rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-263" } } }, { "category": "product_version", "name": "rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "product": { "name": "rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "product_id": "rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-5" } } }, { "category": "product_version", "name": "rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "product": { "name": "rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "product_id": "rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "product_identification_helper": { "purl": "pkg:oci/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-48" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64 as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64" }, "product_reference": "rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x" }, "product_reference": "rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le" }, "product_reference": "rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x" }, "product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le" }, "product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64 as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64" }, "product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64 as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64" }, "product_reference": "rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le" }, "product_reference": "rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x" }, "product_reference": "rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64 as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64" }, "product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x" }, "product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le" }, "product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le" }, "product_reference": "rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x" }, "product_reference": "rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64 as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64" }, "product_reference": "rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le" }, "product_reference": "rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x" }, "product_reference": "rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64 as a component of Red Hat Ceph Storage 6.1 Tools", "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" }, "product_reference": "rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64", "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Grafana Security Team" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-1387", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-04-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2186322" } ], "notes": [ { "category": "description", "text": "A flaw was found in Grafana. This flaw allows a remote, authenticated attacker to obtain sensitive information caused by an issue when enabling the \"url_login\" configuration option. By sending a specially crafted request, an attacker can obtain JWT information and use this to launch further attacks against the affected system.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: JWT token leak to data source", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1387" }, { "category": "external", "summary": "RHBZ#2186322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186322" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1387", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1387" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1387", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1387" }, { "category": "external", "summary": "https://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/", "url": "https://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/" }, { "category": "external", "summary": "https://grafana.com/security/security-advisories/cve-2023-1387/", "url": "https://grafana.com/security/security-advisories/cve-2023-1387/" } ], "release_date": "2023-04-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-12T13:55:37+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7741" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: JWT token leak to data source" }, { "cve": "CVE-2023-1410", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-03-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2181117" } ], "notes": [ { "category": "description", "text": "A flaw was found in Grafana. This flaw allows an attacker to host a Graphite instance with modified Function Descriptions containing XSS payloads. When the victim uses it in a query and accidentally hovers over the Function Description, an attacker-controlled XSS payload will be executed.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: Stored XSS in Graphite FunctionDescription tooltip", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1410" }, { "category": "external", "summary": "RHBZ#2181117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181117" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1410", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1410" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1410", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1410" }, { "category": "external", "summary": "https://github.com/grafana/bugbounty/security/advisories/GHSA-qrrg-gw7w-vp76", "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-qrrg-gw7w-vp76" }, { "category": "external", "summary": "https://grafana.com/blog/2023/03/22/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-1410/", "url": "https://grafana.com/blog/2023/03/22/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-1410/" } ], "release_date": "2023-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-12T13:55:37+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7741" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: Stored XSS in Graphite FunctionDescription tooltip" }, { "acknowledgments": [ { "names": [ "Grafana Security Team" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-2183", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2023-05-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2210848" } ], "notes": [ { "category": "description", "text": "A flaw was found in grafana. This issue may allow a malicious user to craft a request to the API that enables them to send alert messages via the \"API Alert - Test\".", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: missing access control allows test alerts by underprivileged user", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift ServiceMesh (OSSM) has switched to using upstream rhel rpms for grafana, and is no longer maintaining the servicemesh-grafana package. Hence, it is marked as affected/won\u0027tfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-2183" }, { "category": "external", "summary": "RHBZ#2210848", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210848" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2183", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2183" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2183" }, { "category": "external", "summary": "https://grafana.com/security/security-advisories/cve-2023-2183/", "url": "https://grafana.com/security/security-advisories/cve-2023-2183/" } ], "release_date": "2023-06-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-12T13:55:37+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7741" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: missing access control allows test alerts by underprivileged user" }, { "acknowledgments": [ { "names": [ "Grafana Security Team" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-2801", "cwe": { "id": "CWE-820", "name": "Missing Synchronization" }, "discovery_date": "2023-05-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2210840" } ], "notes": [ { "category": "description", "text": "A flaw was found in grafana. This issue occurs when sending an API call to the /ds/query or public dashboard query endpoint that has mixed queries, such as having two or more distinct data sources in one API call. As a result, the Grafana instance will crash. Currently, the only feature that uses mixed queries within Grafana is public dashboards, but it is also possible to trigger this issue by calling the API directly.\r\nIf public dashboards are enabled, reproduction requires a public dashboard to be under a heavy load. If public dashboards are disabled, reproduction only occurs when the /ds/query endpoint with a mixed query payload is under a heavy load with a load testing script.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: data source proxy race condition", "title": "Vulnerability summary" }, { "category": "other", "text": "- In OpenShift Container Platform (OCP), Red Hat Advanced Cluster Management for Kubernetes (RHACM), and OpenShift ServiceMesh (OSSM) the grafana components are protected by OpenShift OAuth that reduces the impact of this flaw to Moderate.\n- OpenShift ServiceMesh (OSSM) has switched to using upstream rhel rpms for grafana and is no longer maintaining the servicemesh-grafana package. Hence, it is marked as affected/won\u0027tfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-2801" }, { "category": "external", "summary": "RHBZ#2210840", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210840" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2801", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2801" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2801", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2801" }, { "category": "external", "summary": "https://grafana.com/security/security-advisories/cve-2023-2801/", "url": "https://grafana.com/security/security-advisories/cve-2023-2801/" } ], "release_date": "2023-06-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-12T13:55:37+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7741" }, { "category": "workaround", "details": "Block mixed query requests and patch to disable mixed query concurrent calls", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: data source proxy race condition" }, { "cve": "CVE-2023-39325", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2243296" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39325" }, { "category": "external", "summary": "RHBZ#2243296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" }, { "category": "external", "summary": "RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-44487", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "https://go.dev/issue/63417", "url": "https://go.dev/issue/63417" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-12T13:55:37+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7741" }, { "category": "workaround", "details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)" }, { "cve": "CVE-2023-44487", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242803" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", "title": "Vulnerability summary" }, { "category": "other", "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64" ], "known_not_affected": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "RHBZ#2242803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "category": "external", "summary": "RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/277", "url": "https://github.com/dotnet/announcements/issues/277" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" }, { "category": "external", "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-12T13:55:37+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7741" }, { "category": "workaround", "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x", "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-10-10T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.