RHSA-2024:9485
Vulnerability from csaf_redhat - Published: 2024-11-13 13:14 - Updated: 2026-04-03 22:45Summary
Red Hat Security Advisory: Control plane Operators for RHOSO 18.0.3 (Feature Release 1) security update
Severity
Important
Notes
Topic: Control plane Operators for RHOSO 18.0.3 (Feature Release 1).
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Security fix(es):
* Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. (CVE-2024-34156)
* When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. (CVE-2023-45289)
* When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permitted a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. (CVE-2023-45290)
* Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates. (CVE-2024-24783)
* The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. (CVE-2024-24784)
* If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the
html/template package, allowing for subsequent actions to inject unexpected content into templates. (CVE-2024-24785)
* A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. (CVE-2024-24788)
* Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. (CVE-2024-34155)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
5.3 (Medium)
Vendor Fix
RHOSO OpenStack Podified Control Plane Operators
https://access.redhat.com/errata/RHSA-2024:9485
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
5.3 (Medium)
Vendor Fix
RHOSO OpenStack Podified Control Plane Operators
https://access.redhat.com/errata/RHSA-2024:9485
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
5.9 (Medium)
Vendor Fix
RHOSO OpenStack Podified Control Plane Operators
https://access.redhat.com/errata/RHSA-2024:9485
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.
5.4 (Medium)
Vendor Fix
RHOSO OpenStack Podified Control Plane Operators
https://access.redhat.com/errata/RHSA-2024:9485
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.
6.5 (Medium)
Vendor Fix
RHOSO OpenStack Podified Control Plane Operators
https://access.redhat.com/errata/RHSA-2024:9485
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.
7.5 (High)
Vendor Fix
RHOSO OpenStack Podified Control Plane Operators
https://access.redhat.com/errata/RHSA-2024:9485
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.
5.9 (Medium)
Vendor Fix
RHOSO OpenStack Podified Control Plane Operators
https://access.redhat.com/errata/RHSA-2024:9485
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
7.5 (High)
Vendor Fix
RHOSO OpenStack Podified Control Plane Operators
https://access.redhat.com/errata/RHSA-2024:9485
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Control plane Operators for RHOSO 18.0.3 (Feature Release 1).\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security fix(es):\n\n* Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. (CVE-2024-34156)\n\n* When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. (CVE-2023-45289)\n\n* When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permitted a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. (CVE-2023-45290)\n\n* Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates. (CVE-2024-24783)\n\n* The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. (CVE-2024-24784)\n\n* If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the\nhtml/template package, allowing for subsequent actions to inject unexpected content into templates. (CVE-2024-24785)\n\n* A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. (CVE-2024-24788)\n\n* Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. (CVE-2024-34155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9485",
"url": "https://access.redhat.com/errata/RHSA-2024:9485"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "2279814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814"
},
{
"category": "external",
"summary": "2310527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527"
},
{
"category": "external",
"summary": "2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "OSPRH-10035",
"url": "https://issues.redhat.com/browse/OSPRH-10035"
},
{
"category": "external",
"summary": "OSPRH-10040",
"url": "https://issues.redhat.com/browse/OSPRH-10040"
},
{
"category": "external",
"summary": "OSPRH-10090",
"url": "https://issues.redhat.com/browse/OSPRH-10090"
},
{
"category": "external",
"summary": "OSPRH-10141",
"url": "https://issues.redhat.com/browse/OSPRH-10141"
},
{
"category": "external",
"summary": "OSPRH-10195",
"url": "https://issues.redhat.com/browse/OSPRH-10195"
},
{
"category": "external",
"summary": "OSPRH-10282",
"url": "https://issues.redhat.com/browse/OSPRH-10282"
},
{
"category": "external",
"summary": "OSPRH-10288",
"url": "https://issues.redhat.com/browse/OSPRH-10288"
},
{
"category": "external",
"summary": "OSPRH-10411",
"url": "https://issues.redhat.com/browse/OSPRH-10411"
},
{
"category": "external",
"summary": "OSPRH-105",
"url": "https://issues.redhat.com/browse/OSPRH-105"
},
{
"category": "external",
"summary": "OSPRH-10612",
"url": "https://issues.redhat.com/browse/OSPRH-10612"
},
{
"category": "external",
"summary": "OSPRH-10639",
"url": "https://issues.redhat.com/browse/OSPRH-10639"
},
{
"category": "external",
"summary": "OSPRH-10725",
"url": "https://issues.redhat.com/browse/OSPRH-10725"
},
{
"category": "external",
"summary": "OSPRH-1099",
"url": "https://issues.redhat.com/browse/OSPRH-1099"
},
{
"category": "external",
"summary": "OSPRH-11068",
"url": "https://issues.redhat.com/browse/OSPRH-11068"
},
{
"category": "external",
"summary": "OSPRH-1478",
"url": "https://issues.redhat.com/browse/OSPRH-1478"
},
{
"category": "external",
"summary": "OSPRH-2428",
"url": "https://issues.redhat.com/browse/OSPRH-2428"
},
{
"category": "external",
"summary": "OSPRH-3466",
"url": "https://issues.redhat.com/browse/OSPRH-3466"
},
{
"category": "external",
"summary": "OSPRH-3467",
"url": "https://issues.redhat.com/browse/OSPRH-3467"
},
{
"category": "external",
"summary": "OSPRH-4128",
"url": "https://issues.redhat.com/browse/OSPRH-4128"
},
{
"category": "external",
"summary": "OSPRH-6501",
"url": "https://issues.redhat.com/browse/OSPRH-6501"
},
{
"category": "external",
"summary": "OSPRH-6624",
"url": "https://issues.redhat.com/browse/OSPRH-6624"
},
{
"category": "external",
"summary": "OSPRH-6720",
"url": "https://issues.redhat.com/browse/OSPRH-6720"
},
{
"category": "external",
"summary": "OSPRH-6951",
"url": "https://issues.redhat.com/browse/OSPRH-6951"
},
{
"category": "external",
"summary": "OSPRH-7324",
"url": "https://issues.redhat.com/browse/OSPRH-7324"
},
{
"category": "external",
"summary": "OSPRH-7610",
"url": "https://issues.redhat.com/browse/OSPRH-7610"
},
{
"category": "external",
"summary": "OSPRH-7817",
"url": "https://issues.redhat.com/browse/OSPRH-7817"
},
{
"category": "external",
"summary": "OSPRH-7821",
"url": "https://issues.redhat.com/browse/OSPRH-7821"
},
{
"category": "external",
"summary": "OSPRH-8038",
"url": "https://issues.redhat.com/browse/OSPRH-8038"
},
{
"category": "external",
"summary": "OSPRH-8058",
"url": "https://issues.redhat.com/browse/OSPRH-8058"
},
{
"category": "external",
"summary": "OSPRH-8065",
"url": "https://issues.redhat.com/browse/OSPRH-8065"
},
{
"category": "external",
"summary": "OSPRH-8069",
"url": "https://issues.redhat.com/browse/OSPRH-8069"
},
{
"category": "external",
"summary": "OSPRH-8072",
"url": "https://issues.redhat.com/browse/OSPRH-8072"
},
{
"category": "external",
"summary": "OSPRH-8074",
"url": "https://issues.redhat.com/browse/OSPRH-8074"
},
{
"category": "external",
"summary": "OSPRH-8078",
"url": "https://issues.redhat.com/browse/OSPRH-8078"
},
{
"category": "external",
"summary": "OSPRH-8118",
"url": "https://issues.redhat.com/browse/OSPRH-8118"
},
{
"category": "external",
"summary": "OSPRH-8192",
"url": "https://issues.redhat.com/browse/OSPRH-8192"
},
{
"category": "external",
"summary": "OSPRH-8193",
"url": "https://issues.redhat.com/browse/OSPRH-8193"
},
{
"category": "external",
"summary": "OSPRH-8195",
"url": "https://issues.redhat.com/browse/OSPRH-8195"
},
{
"category": "external",
"summary": "OSPRH-8212",
"url": "https://issues.redhat.com/browse/OSPRH-8212"
},
{
"category": "external",
"summary": "OSPRH-8290",
"url": "https://issues.redhat.com/browse/OSPRH-8290"
},
{
"category": "external",
"summary": "OSPRH-8508",
"url": "https://issues.redhat.com/browse/OSPRH-8508"
},
{
"category": "external",
"summary": "OSPRH-8535",
"url": "https://issues.redhat.com/browse/OSPRH-8535"
},
{
"category": "external",
"summary": "OSPRH-8582",
"url": "https://issues.redhat.com/browse/OSPRH-8582"
},
{
"category": "external",
"summary": "OSPRH-9285",
"url": "https://issues.redhat.com/browse/OSPRH-9285"
},
{
"category": "external",
"summary": "OSPRH-9371",
"url": "https://issues.redhat.com/browse/OSPRH-9371"
},
{
"category": "external",
"summary": "OSPRH-9411",
"url": "https://issues.redhat.com/browse/OSPRH-9411"
},
{
"category": "external",
"summary": "OSPRH-9455",
"url": "https://issues.redhat.com/browse/OSPRH-9455"
},
{
"category": "external",
"summary": "OSPRH-9908",
"url": "https://issues.redhat.com/browse/OSPRH-9908"
},
{
"category": "external",
"summary": "OSPRH-9910",
"url": "https://issues.redhat.com/browse/OSPRH-9910"
},
{
"category": "external",
"summary": "OSPRH-9991",
"url": "https://issues.redhat.com/browse/OSPRH-9991"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9485.json"
}
],
"title": "Red Hat Security Advisory: Control plane Operators for RHOSO 18.0.3 (Feature Release 1) security update",
"tracking": {
"current_release_date": "2026-04-03T22:45:12+00:00",
"generator": {
"date": "2026-04-03T22:45:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2024:9485",
"initial_release_date": "2024-11-13T13:14:57+00:00",
"revision_history": [
{
"date": "2024-11-13T13:14:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-13T13:14:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-03T22:45:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "9Base-RHOSO-1.0-PODIFIED",
"product": {
"name": "9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:18.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Services on OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"product": {
"name": "rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"product_id": "rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/barbican-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"product": {
"name": "rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"product_id": "rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/cinder-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"product": {
"name": "rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"product_id": "rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/designate-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"product": {
"name": "rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"product_id": "rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"product_identification_helper": {
"purl": "pkg:oci/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/glance-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"product": {
"name": "rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"product_id": "rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/heat-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"product": {
"name": "rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"product_id": "rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/horizon-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"product": {
"name": "rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"product_id": "rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/infra-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"product": {
"name": "rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"product_id": "rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/ironic-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"product": {
"name": "rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"product_id": "rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/keystone-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"product": {
"name": "rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"product_id": "rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/manila-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"product": {
"name": "rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"product_id": "rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/mariadb-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"product": {
"name": "rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"product_id": "rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"product_identification_helper": {
"purl": "pkg:oci/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/neutron-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"product": {
"name": "rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"product_id": "rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"product_identification_helper": {
"purl": "pkg:oci/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/nova-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"product": {
"name": "rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"product_id": "rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"product_identification_helper": {
"purl": "pkg:oci/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/octavia-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"product": {
"name": "rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"product_id": "rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/openstack-baremetal-agent-rhel9\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"product": {
"name": "rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"product_id": "rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/openstack-baremetal-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"product": {
"name": "rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"product_id": "rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/openstack-must-gather-rhel9\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"product": {
"name": "rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"product_id": "rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/openstack-rhel9-operator\u0026tag=1.0.4-6"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"product": {
"name": "rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"product_id": "rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/ovn-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"product": {
"name": "rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"product_id": "rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/placement-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"product": {
"name": "rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"product_id": "rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/rabbitmq-cluster-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"product": {
"name": "rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"product_id": "rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/sg-core-rhel9\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"product": {
"name": "rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"product_id": "rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"product_identification_helper": {
"purl": "pkg:oci/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/swift-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"product": {
"name": "rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"product_id": "rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"product_identification_helper": {
"purl": "pkg:oci/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/telemetry-rhel9-operator\u0026tag=1.0.4-4"
}
}
},
{
"category": "product_version",
"name": "rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64",
"product": {
"name": "rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64",
"product_id": "rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64",
"product_identification_helper": {
"purl": "pkg:oci/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/test-rhel9-operator\u0026tag=1.0.4-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64"
},
"product_reference": "rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64"
},
"product_reference": "rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64"
},
"product_reference": "rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64"
},
"product_reference": "rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64"
},
"product_reference": "rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64"
},
"product_reference": "rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64"
},
"product_reference": "rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64"
},
"product_reference": "rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64"
},
"product_reference": "rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64"
},
"product_reference": "rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64"
},
"product_reference": "rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64"
},
"product_reference": "rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64"
},
"product_reference": "rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64"
},
"product_reference": "rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64"
},
"product_reference": "rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64"
},
"product_reference": "rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64"
},
"product_reference": "rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64"
},
"product_reference": "rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64"
},
"product_reference": "rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64"
},
"product_reference": "rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64"
},
"product_reference": "rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64"
},
"product_reference": "rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64"
},
"product_reference": "rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64"
},
"product_reference": "rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED",
"product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
},
"product_reference": "rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64",
"relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45289",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45289"
},
{
"category": "external",
"summary": "RHBZ#2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-13T13:14:57+00:00",
"details": "RHOSO OpenStack Podified Control Plane Operators",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect"
},
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-13T13:14:57+00:00",
"details": "RHOSO OpenStack Podified Control Plane Operators",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-13T13:14:57+00:00",
"details": "RHOSO OpenStack Podified Control Plane Operators",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
},
{
"cve": "CVE-2024-24784",
"cwe": {
"id": "CWE-115",
"name": "Misinterpretation of Input"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268021"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/mail: comments in display names are incorrectly handled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24784"
},
{
"category": "external",
"summary": "RHBZ#2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-13T13:14:57+00:00",
"details": "RHOSO OpenStack Podified Control Plane Operators",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/mail: comments in display names are incorrectly handled"
},
{
"cve": "CVE-2024-24785",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: errors returned from MarshalJSON methods may break template escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24785"
},
{
"category": "external",
"summary": "RHBZ#2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785"
},
{
"category": "external",
"summary": "https://go.dev/cl/564196",
"url": "https://go.dev/cl/564196"
},
{
"category": "external",
"summary": "https://go.dev/issue/65697",
"url": "https://go.dev/issue/65697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2024-2610.json",
"url": "https://vuln.go.dev/ID/GO-2024-2610.json"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-13T13:14:57+00:00",
"details": "RHOSO OpenStack Podified Control Plane Operators",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping"
},
{
"cve": "CVE-2024-24788",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-05-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279814"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: malformed DNS message can cause infinite loop",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24788"
},
{
"category": "external",
"summary": "RHBZ#2279814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2824",
"url": "https://pkg.go.dev/vuln/GO-2024-2824"
}
],
"release_date": "2024-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-13T13:14:57+00:00",
"details": "RHOSO OpenStack Podified Control Plane Operators",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: malformed DNS message can cause infinite loop"
},
{
"cve": "CVE-2024-34155",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:06.929766+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310527"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34155"
},
{
"category": "external",
"summary": "RHBZ#2310527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155"
},
{
"category": "external",
"summary": "https://go.dev/cl/611238",
"url": "https://go.dev/cl/611238"
},
{
"category": "external",
"summary": "https://go.dev/issue/69138",
"url": "https://go.dev/issue/69138"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3105",
"url": "https://pkg.go.dev/vuln/GO-2024-3105"
}
],
"release_date": "2024-09-06T21:15:11.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-13T13:14:57+00:00",
"details": "RHOSO OpenStack Podified Control Plane Operators",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion"
},
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-13T13:14:57+00:00",
"details": "RHOSO OpenStack Podified Control Plane Operators",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64",
"9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…