rhsa-2024:4057
Vulnerability from csaf_redhat
Published
2024-06-24 01:38
Modified
2025-03-26 19:26
Summary
Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.33.0 security update & enhancements
Notes
Topic
Release of OpenShift Serverless Logic 1.33.0
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release includes security, bug fixes, and enhancements.
Security Fix(es):
* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249)
* keycloak: XSS via assertion consumer service URL in SAML POST-binding flow (CVE-2023-6717)
* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)
* camel-core: Exposure of sensitive data by crafting a malicious EventFactory (CVE-2024-22371)
* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)
* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)
* jose4j: denial of service via specially crafted JWE (CVE-2023-51775)
For more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Release of OpenShift Serverless Logic 1.33.0\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release includes security, bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249)\n\n* keycloak: XSS via assertion consumer service URL in SAML POST-binding flow (CVE-2023-6717)\n\n* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)\n\n* camel-core: Exposure of sensitive data by crafting a malicious EventFactory (CVE-2024-22371)\n\n* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)\n\n* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)\n\n* jose4j: denial of service via specially crafted JWE (CVE-2023-51775)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4057", url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", url: "https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", }, { category: "external", summary: "2253952", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2253952", }, { category: "external", summary: "2262918", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262918", }, { category: "external", summary: "2264988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264988", }, { category: "external", summary: "2264989", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264989", }, { category: "external", summary: "2266024", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266024", }, { category: "external", summary: "2266523", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266523", }, { category: "external", summary: "2266921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266921", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4057.json", }, ], title: "Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.33.0 security update & enhancements", tracking: { current_release_date: "2025-03-26T19:26:08+00:00", generator: { date: "2025-03-26T19:26:08+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:4057", initial_release_date: "2024-06-24T01:38:27+00:00", revision_history: [ { date: "2024-06-24T01:38:27+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-24T01:38:27+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-26T19:26:08+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Serverless 1.33", product: { name: "Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_serverless:1.33::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Serverless", }, { branches: [ { category: "product_version", name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", product: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", product_id: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", product: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", product_id: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", product: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", product_id: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", product: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", product_id: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", product: { name: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", product_id: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", product: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", product_id: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator&tag=1.33.0-3", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", product: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", product_id: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", product: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", product_id: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8&tag=1.33.0-5", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", product: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", product_id: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", product_identification_helper: { purl: "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", product: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", product_id: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", product_identification_helper: { purl: "pkg:oci/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", product: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", product_id: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", product: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", product_id: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", product: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", product_id: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", product_identification_helper: { purl: "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", product: { name: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", product_id: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", product_identification_helper: { purl: "pkg:oci/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", product: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", product_id: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", product_identification_helper: { purl: "pkg:oci/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator&tag=1.33.0-3", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", product: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", product_id: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", product_identification_helper: { purl: "pkg:oci/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", product: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", product_id: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", product_identification_helper: { purl: "pkg:oci/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8&tag=1.33.0-5", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", product: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", product_id: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", product_identification_helper: { purl: "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", product: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", product_id: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", product_identification_helper: { purl: "pkg:oci/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", product: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", product_id: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", product: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", product_id: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", product: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", product_id: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", product_identification_helper: { purl: "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", product: { name: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", product_id: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", product_identification_helper: { purl: "pkg:oci/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", product: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", product_id: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", product_identification_helper: { purl: "pkg:oci/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator&tag=1.33.0-3", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", product: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", product_id: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", product_identification_helper: { purl: "pkg:oci/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", product: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", product_id: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", product_identification_helper: { purl: "pkg:oci/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8&tag=1.33.0-5", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", }, product_reference: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", }, product_reference: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", }, product_reference: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", }, product_reference: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", }, product_reference: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", }, product_reference: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", }, product_reference: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", }, product_reference: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", }, product_reference: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", }, product_reference: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", }, product_reference: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", }, product_reference: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", }, product_reference: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", }, product_reference: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", }, product_reference: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", }, product_reference: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", }, product_reference: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", }, product_reference: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", }, product_reference: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", }, product_reference: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", }, product_reference: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", }, product_reference: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", }, product_reference: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", }, product_reference: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", }, product_reference: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", }, product_reference: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, ], }, vulnerabilities: [ { cve: "CVE-2023-6717", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-12-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2253952", }, ], notes: [ { category: "description", text: "A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-6717", }, { category: "external", summary: "RHBZ#2253952", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2253952", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-6717", url: "https://www.cve.org/CVERecord?id=CVE-2023-6717", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-6717", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-6717", }, ], release_date: "2024-04-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow", }, { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266921", }, ], notes: [ { category: "description", text: "A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. However, if an attacker sets the p2c parameter in JWE to a large number, it can cause high computational consumption, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jose4j: denial of service via specially crafted JWE", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in the jose4j library, where the \"p2c\" parameter in PBKDF2-based JWE key management algorithms can be manipulated to induce high computational consumption, is classified as moderate severity due to its potential impact on service availability and resource exhaustion. By setting a large value for \"p2c\", an attacker can force the server to perform an excessive number of PBKDF2 iterations during key derivation. This results in increased CPU and memory usage, potentially leading to degraded performance or temporary denial of service.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-51775", }, { category: "external", summary: "RHBZ#2266921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266921", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-51775", url: "https://www.cve.org/CVERecord?id=CVE-2023-51775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", }, ], release_date: "2024-02-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jose4j: denial of service via specially crafted JWE", }, { acknowledgments: [ { names: [ "Adriano Márcio Monteiro", ], }, ], cve: "CVE-2024-1249", cwe: { id: "CWE-346", name: "Origin Validation Error", }, discovery_date: "2024-02-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262918", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak's OIDC component in the \"checkLoginIframe,\" which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in Keycloak's OIDC component allowing unvalidated cross-origin messages in the \"checkLoginIframe\" function represents an important severity issue due to its potential to cause significant disruption and resource exhaustion. Exploitation of this flaw can lead to a Denial of Service (DoS) condition, where malicious actors can overwhelm the server with a high volume of requests, impacting availability for legitimate users. The absence of proper origin validation means attackers can exploit this weakness relatively easily, leveraging automated scripts to flood the server within seconds.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-1249", }, { category: "external", summary: "RHBZ#2262918", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262918", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-1249", url: "https://www.cve.org/CVERecord?id=CVE-2024-1249", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-1249", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-1249", }, ], release_date: "2024-04-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS", }, { cve: "CVE-2024-1597", cwe: { id: "CWE-89", name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", }, discovery_date: "2024-02-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266523", }, ], notes: [ { category: "description", text: "A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value.", title: "Vulnerability description", }, { category: "summary", text: "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", title: "Vulnerability summary", }, { category: "other", text: "The PostgreSQL JDBC Driver is not affected in the default query mode. Users that do not override the query mode are not impacted.\n\nThe described SQL injection vulnerability, while significant, is categorized as important rather than critical due to several factors. Firstly, the exploitation relies on specific conditions, including the use of a non-default query mode (preferQueryMode=simple) and the precise arrangement of user-controlled parameters within the SQL query. This limits the potential attack surface and reduces the likelihood of widespread exploitation across systems. Additionally, the vulnerability does not pose an immediate and severe risk of system compromise or data breach; rather, it enables attackers to manipulate SQL queries and potentially execute arbitrary commands within the context of the application's database. Furthermore, the vulnerability can be effectively mitigated by applying the provided patch or by avoiding the use of the vulnerable query mode, thus reducing the risk of exploitation.\n\nRed Hat Satellite ships a PostgreSQL JDBC Driver which embeds into Candlepin. However, Candlepin doesn't directly utilize the PostgreSQL JDBC Driver and doesn't set PreferQueryMode. Therefore, although the affected component is shipped, the product impact is considered Low. This issue may be addressed in a future Satellite release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-1597", }, { category: "external", summary: "RHBZ#2266523", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266523", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-1597", url: "https://www.cve.org/CVERecord?id=CVE-2024-1597", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-1597", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-1597", }, { category: "external", summary: "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56", url: "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56", }, { category: "external", summary: "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/", url: "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/", }, { category: "external", summary: "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/", url: "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/", }, ], release_date: "2024-02-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Do not use the connection propertypreferQueryMode=simple. If you do not explicitly specify a query mode, then you are using the default of extended and are not impacted by this issue.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", }, { cve: "CVE-2024-22371", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266024", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Camel. This issue may allow an attacker to expose sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent.", title: "Vulnerability description", }, { category: "summary", text: "camel-core: Exposure of sensitive data by crafting a malicious EventFactory", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22371", }, { category: "external", summary: "RHBZ#2266024", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266024", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22371", url: "https://www.cve.org/CVERecord?id=CVE-2024-22371", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22371", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22371", }, { category: "external", summary: "https://camel.apache.org/security/CVE-2024-22371.html", url: "https://camel.apache.org/security/CVE-2024-22371.html", }, { category: "external", summary: "https://issues.apache.org/jira/browse/CAMEL-20305", url: "https://issues.apache.org/jira/browse/CAMEL-20305", }, ], release_date: "2024-02-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "camel-core: Exposure of sensitive data by crafting a malicious EventFactory", }, { cve: "CVE-2024-25710", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-02-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2264988", }, ], notes: [ { category: "description", text: "A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25710", }, { category: "external", summary: "RHBZ#2264988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25710", url: "https://www.cve.org/CVERecord?id=CVE-2024-25710", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25710", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25710", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/02/19/1", url: "http://www.openwall.com/lists/oss-security/2024/02/19/1", }, { category: "external", summary: "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf", url: "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf", }, ], release_date: "2024-02-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-02-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2264989", }, ], notes: [ { category: "description", text: "An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error.", title: "Vulnerability description", }, { category: "summary", text: "commons-compress: OutOfMemoryError unpacking broken Pack200 file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-26308", }, { category: "external", summary: "RHBZ#2264989", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264989", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-26308", url: "https://www.cve.org/CVERecord?id=CVE-2024-26308", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-26308", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-26308", }, { category: "external", summary: "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg", url: "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2024/02/19/2", url: "https://www.openwall.com/lists/oss-security/2024/02/19/2", }, ], release_date: "2024-02-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "commons-compress: OutOfMemoryError unpacking broken Pack200 file", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.