csaf_redhat - rhsa-2024

rhsa-2024_0853

Vulnerability from csaf_redhat

Published

2024-02-21 13:32

Modified

2024-11-14 00:24

Summary

Red Hat Security Advisory: Network Observability 1.5.0 for OpenShift

Notes

Topic

Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.

Details

Network Observability 1.5.0 Security Fix(es): * CVE-2023-26159 follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent.\n\nThe operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Network Observability 1.5.0\n\nSecurity Fix(es):\n\n* CVE-2023-26159 follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:0853",
        "url": "https://access.redhat.com/errata/RHSA-2024:0853"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2256413",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-1134",
        "url": "https://issues.redhat.com/browse/NETOBSERV-1134"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-1225",
        "url": "https://issues.redhat.com/browse/NETOBSERV-1225"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-1286",
        "url": "https://issues.redhat.com/browse/NETOBSERV-1286"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-1293",
        "url": "https://issues.redhat.com/browse/NETOBSERV-1293"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-1305",
        "url": "https://issues.redhat.com/browse/NETOBSERV-1305"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-1311",
        "url": "https://issues.redhat.com/browse/NETOBSERV-1311"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-1313",
        "url": "https://issues.redhat.com/browse/NETOBSERV-1313"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-1316",
        "url": "https://issues.redhat.com/browse/NETOBSERV-1316"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-1335",
        "url": "https://issues.redhat.com/browse/NETOBSERV-1335"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-1341",
        "url": "https://issues.redhat.com/browse/NETOBSERV-1341"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-1351",
        "url": "https://issues.redhat.com/browse/NETOBSERV-1351"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-1380",
        "url": "https://issues.redhat.com/browse/NETOBSERV-1380"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-1430",
        "url": "https://issues.redhat.com/browse/NETOBSERV-1430"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-1443",
        "url": "https://issues.redhat.com/browse/NETOBSERV-1443"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-1464",
        "url": "https://issues.redhat.com/browse/NETOBSERV-1464"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-245",
        "url": "https://issues.redhat.com/browse/NETOBSERV-245"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-657",
        "url": "https://issues.redhat.com/browse/NETOBSERV-657"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-676",
        "url": "https://issues.redhat.com/browse/NETOBSERV-676"
      },
      {
        "category": "external",
        "summary": "NETOBSERV-763",
        "url": "https://issues.redhat.com/browse/NETOBSERV-763"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0853.json"
      }
    ],
    "title": "Red Hat Security Advisory: Network Observability 1.5.0 for OpenShift",
    "tracking": {
      "current_release_date": "2024-11-14T00:24:29+00:00",
      "generator": {
        "date": "2024-11-14T00:24:29+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2024:0853",
      "initial_release_date": "2024-02-21T13:32:07+00:00",
      "revision_history": [
        {
          "date": "2024-02-21T13:32:07+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-21T13:32:07+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T00:24:29+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "NETOBSERV 1.5 for RHEL 9",
                "product": {
                  "name": "NETOBSERV 1.5 for RHEL 9",
                  "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_observ_optr:1.5.0::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Network Observability"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "network-observability/network-observability-console-plugin-rhel9@sha256:0335cfa3eef8bd0a23af93c1dd0db1eb587b1e32ef3f6c634b6582655a73d47a_ppc64le",
                "product": {
                  "name": "network-observability/network-observability-console-plugin-rhel9@sha256:0335cfa3eef8bd0a23af93c1dd0db1eb587b1e32ef3f6c634b6582655a73d47a_ppc64le",
                  "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:0335cfa3eef8bd0a23af93c1dd0db1eb587b1e32ef3f6c634b6582655a73d47a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:0335cfa3eef8bd0a23af93c1dd0db1eb587b1e32ef3f6c634b6582655a73d47a?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.5.0-89"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f456e8892837b334436ce9417364fbca1c00395e54fa9b8a82b97e0bd1a311ba_ppc64le",
                "product": {
                  "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f456e8892837b334436ce9417364fbca1c00395e54fa9b8a82b97e0bd1a311ba_ppc64le",
                  "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f456e8892837b334436ce9417364fbca1c00395e54fa9b8a82b97e0bd1a311ba_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:f456e8892837b334436ce9417364fbca1c00395e54fa9b8a82b97e0bd1a311ba?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.5.0-89"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:514cfc58f43b4e9a544d8c49ba595f17e423fca99b0cdad7022983cdbba206e2_ppc64le",
                "product": {
                  "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:514cfc58f43b4e9a544d8c49ba595f17e423fca99b0cdad7022983cdbba206e2_ppc64le",
                  "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:514cfc58f43b4e9a544d8c49ba595f17e423fca99b0cdad7022983cdbba206e2_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:514cfc58f43b4e9a544d8c49ba595f17e423fca99b0cdad7022983cdbba206e2?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.5.0-89"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-operator-bundle@sha256:54265e4e7303a2360e93b08a562a6adb9ea56440ad5f44c9b17344215520a16a_ppc64le",
                "product": {
                  "name": "network-observability/network-observability-operator-bundle@sha256:54265e4e7303a2360e93b08a562a6adb9ea56440ad5f44c9b17344215520a16a_ppc64le",
                  "product_id": "network-observability/network-observability-operator-bundle@sha256:54265e4e7303a2360e93b08a562a6adb9ea56440ad5f44c9b17344215520a16a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-operator-bundle@sha256:54265e4e7303a2360e93b08a562a6adb9ea56440ad5f44c9b17344215520a16a?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.5.0-110"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-rhel9-operator@sha256:d5ae40575fff6b91173d2ca9c05015e2a9a0134532d3ddeb78ba8a33eaf30515_ppc64le",
                "product": {
                  "name": "network-observability/network-observability-rhel9-operator@sha256:d5ae40575fff6b91173d2ca9c05015e2a9a0134532d3ddeb78ba8a33eaf30515_ppc64le",
                  "product_id": "network-observability/network-observability-rhel9-operator@sha256:d5ae40575fff6b91173d2ca9c05015e2a9a0134532d3ddeb78ba8a33eaf30515_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-rhel9-operator@sha256:d5ae40575fff6b91173d2ca9c05015e2a9a0134532d3ddeb78ba8a33eaf30515?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.5.0-89"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "network-observability/network-observability-console-plugin-rhel9@sha256:089af8c30c1e0f417859fbd1ea2e2c789b1b2cc63e83ff36b7e8080197ea3f27_s390x",
                "product": {
                  "name": "network-observability/network-observability-console-plugin-rhel9@sha256:089af8c30c1e0f417859fbd1ea2e2c789b1b2cc63e83ff36b7e8080197ea3f27_s390x",
                  "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:089af8c30c1e0f417859fbd1ea2e2c789b1b2cc63e83ff36b7e8080197ea3f27_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:089af8c30c1e0f417859fbd1ea2e2c789b1b2cc63e83ff36b7e8080197ea3f27?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.5.0-89"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:44b139d80784617055688a85a1257a6b29dd337281be23ad70bb431bd4bddd37_s390x",
                "product": {
                  "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:44b139d80784617055688a85a1257a6b29dd337281be23ad70bb431bd4bddd37_s390x",
                  "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:44b139d80784617055688a85a1257a6b29dd337281be23ad70bb431bd4bddd37_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:44b139d80784617055688a85a1257a6b29dd337281be23ad70bb431bd4bddd37?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.5.0-89"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bfef12fb923f1d49daa1d0209834f89ae42455deb7576ccd7257deb6bb083f5f_s390x",
                "product": {
                  "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bfef12fb923f1d49daa1d0209834f89ae42455deb7576ccd7257deb6bb083f5f_s390x",
                  "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bfef12fb923f1d49daa1d0209834f89ae42455deb7576ccd7257deb6bb083f5f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:bfef12fb923f1d49daa1d0209834f89ae42455deb7576ccd7257deb6bb083f5f?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.5.0-89"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-operator-bundle@sha256:e9e9c7032c1cb1c613fc7bde020b2f281d9509441f093754c55127cc54112d57_s390x",
                "product": {
                  "name": "network-observability/network-observability-operator-bundle@sha256:e9e9c7032c1cb1c613fc7bde020b2f281d9509441f093754c55127cc54112d57_s390x",
                  "product_id": "network-observability/network-observability-operator-bundle@sha256:e9e9c7032c1cb1c613fc7bde020b2f281d9509441f093754c55127cc54112d57_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-operator-bundle@sha256:e9e9c7032c1cb1c613fc7bde020b2f281d9509441f093754c55127cc54112d57?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.5.0-110"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-rhel9-operator@sha256:61728634fb37058c60c0942103eaf64aded578d9d5fe3c2bac2d55d569b5a553_s390x",
                "product": {
                  "name": "network-observability/network-observability-rhel9-operator@sha256:61728634fb37058c60c0942103eaf64aded578d9d5fe3c2bac2d55d569b5a553_s390x",
                  "product_id": "network-observability/network-observability-rhel9-operator@sha256:61728634fb37058c60c0942103eaf64aded578d9d5fe3c2bac2d55d569b5a553_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-rhel9-operator@sha256:61728634fb37058c60c0942103eaf64aded578d9d5fe3c2bac2d55d569b5a553?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.5.0-89"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "network-observability/network-observability-console-plugin-rhel9@sha256:200a01e89cfaab556fb22a4a01cc25df0746998c3d2cce6a6fc9d43cecb23490_arm64",
                "product": {
                  "name": "network-observability/network-observability-console-plugin-rhel9@sha256:200a01e89cfaab556fb22a4a01cc25df0746998c3d2cce6a6fc9d43cecb23490_arm64",
                  "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:200a01e89cfaab556fb22a4a01cc25df0746998c3d2cce6a6fc9d43cecb23490_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:200a01e89cfaab556fb22a4a01cc25df0746998c3d2cce6a6fc9d43cecb23490?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.5.0-89"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d22a932d5cfbe8e79542ad4d718f09724bd6a37ced80ac29b7d9c8c9dc2148cd_arm64",
                "product": {
                  "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d22a932d5cfbe8e79542ad4d718f09724bd6a37ced80ac29b7d9c8c9dc2148cd_arm64",
                  "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d22a932d5cfbe8e79542ad4d718f09724bd6a37ced80ac29b7d9c8c9dc2148cd_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:d22a932d5cfbe8e79542ad4d718f09724bd6a37ced80ac29b7d9c8c9dc2148cd?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.5.0-89"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:0e8486070198313ee1ec61bb515a2c2479ccefcd497d1e3d8deee66e05642db7_arm64",
                "product": {
                  "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:0e8486070198313ee1ec61bb515a2c2479ccefcd497d1e3d8deee66e05642db7_arm64",
                  "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:0e8486070198313ee1ec61bb515a2c2479ccefcd497d1e3d8deee66e05642db7_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:0e8486070198313ee1ec61bb515a2c2479ccefcd497d1e3d8deee66e05642db7?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.5.0-89"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-operator-bundle@sha256:fc26b4d8bcba231af681b5b148572d31b91d1498621479926ee5f8ea5056702e_arm64",
                "product": {
                  "name": "network-observability/network-observability-operator-bundle@sha256:fc26b4d8bcba231af681b5b148572d31b91d1498621479926ee5f8ea5056702e_arm64",
                  "product_id": "network-observability/network-observability-operator-bundle@sha256:fc26b4d8bcba231af681b5b148572d31b91d1498621479926ee5f8ea5056702e_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-operator-bundle@sha256:fc26b4d8bcba231af681b5b148572d31b91d1498621479926ee5f8ea5056702e?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.5.0-110"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-rhel9-operator@sha256:3f5bc47665e0ee6eb3a9d1f500e4592fb79c8fc42bcd11685f15f046906512fb_arm64",
                "product": {
                  "name": "network-observability/network-observability-rhel9-operator@sha256:3f5bc47665e0ee6eb3a9d1f500e4592fb79c8fc42bcd11685f15f046906512fb_arm64",
                  "product_id": "network-observability/network-observability-rhel9-operator@sha256:3f5bc47665e0ee6eb3a9d1f500e4592fb79c8fc42bcd11685f15f046906512fb_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-rhel9-operator@sha256:3f5bc47665e0ee6eb3a9d1f500e4592fb79c8fc42bcd11685f15f046906512fb?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.5.0-89"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "network-observability/network-observability-console-plugin-rhel9@sha256:78d96d58fd232fee462a60a8fb71293e7cdbe93cb4437459497e87ff24f55ec3_amd64",
                "product": {
                  "name": "network-observability/network-observability-console-plugin-rhel9@sha256:78d96d58fd232fee462a60a8fb71293e7cdbe93cb4437459497e87ff24f55ec3_amd64",
                  "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:78d96d58fd232fee462a60a8fb71293e7cdbe93cb4437459497e87ff24f55ec3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:78d96d58fd232fee462a60a8fb71293e7cdbe93cb4437459497e87ff24f55ec3?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.5.0-89"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:9eb9f3de0debd6c29c44512b447d917a4439f552ac913763565d5011a5ea4bfb_amd64",
                "product": {
                  "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:9eb9f3de0debd6c29c44512b447d917a4439f552ac913763565d5011a5ea4bfb_amd64",
                  "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:9eb9f3de0debd6c29c44512b447d917a4439f552ac913763565d5011a5ea4bfb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:9eb9f3de0debd6c29c44512b447d917a4439f552ac913763565d5011a5ea4bfb?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.5.0-89"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:ceea44928d9c0a31ee2ace2b66c470666a3be9795921f3ca18e2c101025dab57_amd64",
                "product": {
                  "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:ceea44928d9c0a31ee2ace2b66c470666a3be9795921f3ca18e2c101025dab57_amd64",
                  "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:ceea44928d9c0a31ee2ace2b66c470666a3be9795921f3ca18e2c101025dab57_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:ceea44928d9c0a31ee2ace2b66c470666a3be9795921f3ca18e2c101025dab57?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.5.0-89"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-operator-bundle@sha256:c97aff3b0ed506b2a1e34c1b22878dc42c6ef3ebf03b73147e8879e23ab5f8af_amd64",
                "product": {
                  "name": "network-observability/network-observability-operator-bundle@sha256:c97aff3b0ed506b2a1e34c1b22878dc42c6ef3ebf03b73147e8879e23ab5f8af_amd64",
                  "product_id": "network-observability/network-observability-operator-bundle@sha256:c97aff3b0ed506b2a1e34c1b22878dc42c6ef3ebf03b73147e8879e23ab5f8af_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-operator-bundle@sha256:c97aff3b0ed506b2a1e34c1b22878dc42c6ef3ebf03b73147e8879e23ab5f8af?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.5.0-110"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "network-observability/network-observability-rhel9-operator@sha256:59e8c9627d5cd581a4d1a77d875a9754709bbb05a530b5893ee70460a9b8c7a2_amd64",
                "product": {
                  "name": "network-observability/network-observability-rhel9-operator@sha256:59e8c9627d5cd581a4d1a77d875a9754709bbb05a530b5893ee70460a9b8c7a2_amd64",
                  "product_id": "network-observability/network-observability-rhel9-operator@sha256:59e8c9627d5cd581a4d1a77d875a9754709bbb05a530b5893ee70460a9b8c7a2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/network-observability-rhel9-operator@sha256:59e8c9627d5cd581a4d1a77d875a9754709bbb05a530b5893ee70460a9b8c7a2?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.5.0-89"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-console-plugin-rhel9@sha256:0335cfa3eef8bd0a23af93c1dd0db1eb587b1e32ef3f6c634b6582655a73d47a_ppc64le as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:0335cfa3eef8bd0a23af93c1dd0db1eb587b1e32ef3f6c634b6582655a73d47a_ppc64le"
        },
        "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:0335cfa3eef8bd0a23af93c1dd0db1eb587b1e32ef3f6c634b6582655a73d47a_ppc64le",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-console-plugin-rhel9@sha256:089af8c30c1e0f417859fbd1ea2e2c789b1b2cc63e83ff36b7e8080197ea3f27_s390x as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:089af8c30c1e0f417859fbd1ea2e2c789b1b2cc63e83ff36b7e8080197ea3f27_s390x"
        },
        "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:089af8c30c1e0f417859fbd1ea2e2c789b1b2cc63e83ff36b7e8080197ea3f27_s390x",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-console-plugin-rhel9@sha256:200a01e89cfaab556fb22a4a01cc25df0746998c3d2cce6a6fc9d43cecb23490_arm64 as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:200a01e89cfaab556fb22a4a01cc25df0746998c3d2cce6a6fc9d43cecb23490_arm64"
        },
        "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:200a01e89cfaab556fb22a4a01cc25df0746998c3d2cce6a6fc9d43cecb23490_arm64",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-console-plugin-rhel9@sha256:78d96d58fd232fee462a60a8fb71293e7cdbe93cb4437459497e87ff24f55ec3_amd64 as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:78d96d58fd232fee462a60a8fb71293e7cdbe93cb4437459497e87ff24f55ec3_amd64"
        },
        "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:78d96d58fd232fee462a60a8fb71293e7cdbe93cb4437459497e87ff24f55ec3_amd64",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:44b139d80784617055688a85a1257a6b29dd337281be23ad70bb431bd4bddd37_s390x as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:44b139d80784617055688a85a1257a6b29dd337281be23ad70bb431bd4bddd37_s390x"
        },
        "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:44b139d80784617055688a85a1257a6b29dd337281be23ad70bb431bd4bddd37_s390x",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:9eb9f3de0debd6c29c44512b447d917a4439f552ac913763565d5011a5ea4bfb_amd64 as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:9eb9f3de0debd6c29c44512b447d917a4439f552ac913763565d5011a5ea4bfb_amd64"
        },
        "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:9eb9f3de0debd6c29c44512b447d917a4439f552ac913763565d5011a5ea4bfb_amd64",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d22a932d5cfbe8e79542ad4d718f09724bd6a37ced80ac29b7d9c8c9dc2148cd_arm64 as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d22a932d5cfbe8e79542ad4d718f09724bd6a37ced80ac29b7d9c8c9dc2148cd_arm64"
        },
        "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d22a932d5cfbe8e79542ad4d718f09724bd6a37ced80ac29b7d9c8c9dc2148cd_arm64",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f456e8892837b334436ce9417364fbca1c00395e54fa9b8a82b97e0bd1a311ba_ppc64le as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f456e8892837b334436ce9417364fbca1c00395e54fa9b8a82b97e0bd1a311ba_ppc64le"
        },
        "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f456e8892837b334436ce9417364fbca1c00395e54fa9b8a82b97e0bd1a311ba_ppc64le",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:0e8486070198313ee1ec61bb515a2c2479ccefcd497d1e3d8deee66e05642db7_arm64 as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:0e8486070198313ee1ec61bb515a2c2479ccefcd497d1e3d8deee66e05642db7_arm64"
        },
        "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:0e8486070198313ee1ec61bb515a2c2479ccefcd497d1e3d8deee66e05642db7_arm64",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:514cfc58f43b4e9a544d8c49ba595f17e423fca99b0cdad7022983cdbba206e2_ppc64le as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:514cfc58f43b4e9a544d8c49ba595f17e423fca99b0cdad7022983cdbba206e2_ppc64le"
        },
        "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:514cfc58f43b4e9a544d8c49ba595f17e423fca99b0cdad7022983cdbba206e2_ppc64le",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bfef12fb923f1d49daa1d0209834f89ae42455deb7576ccd7257deb6bb083f5f_s390x as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bfef12fb923f1d49daa1d0209834f89ae42455deb7576ccd7257deb6bb083f5f_s390x"
        },
        "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bfef12fb923f1d49daa1d0209834f89ae42455deb7576ccd7257deb6bb083f5f_s390x",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:ceea44928d9c0a31ee2ace2b66c470666a3be9795921f3ca18e2c101025dab57_amd64 as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:ceea44928d9c0a31ee2ace2b66c470666a3be9795921f3ca18e2c101025dab57_amd64"
        },
        "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:ceea44928d9c0a31ee2ace2b66c470666a3be9795921f3ca18e2c101025dab57_amd64",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-operator-bundle@sha256:54265e4e7303a2360e93b08a562a6adb9ea56440ad5f44c9b17344215520a16a_ppc64le as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:54265e4e7303a2360e93b08a562a6adb9ea56440ad5f44c9b17344215520a16a_ppc64le"
        },
        "product_reference": "network-observability/network-observability-operator-bundle@sha256:54265e4e7303a2360e93b08a562a6adb9ea56440ad5f44c9b17344215520a16a_ppc64le",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-operator-bundle@sha256:c97aff3b0ed506b2a1e34c1b22878dc42c6ef3ebf03b73147e8879e23ab5f8af_amd64 as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:c97aff3b0ed506b2a1e34c1b22878dc42c6ef3ebf03b73147e8879e23ab5f8af_amd64"
        },
        "product_reference": "network-observability/network-observability-operator-bundle@sha256:c97aff3b0ed506b2a1e34c1b22878dc42c6ef3ebf03b73147e8879e23ab5f8af_amd64",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-operator-bundle@sha256:e9e9c7032c1cb1c613fc7bde020b2f281d9509441f093754c55127cc54112d57_s390x as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:e9e9c7032c1cb1c613fc7bde020b2f281d9509441f093754c55127cc54112d57_s390x"
        },
        "product_reference": "network-observability/network-observability-operator-bundle@sha256:e9e9c7032c1cb1c613fc7bde020b2f281d9509441f093754c55127cc54112d57_s390x",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-operator-bundle@sha256:fc26b4d8bcba231af681b5b148572d31b91d1498621479926ee5f8ea5056702e_arm64 as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:fc26b4d8bcba231af681b5b148572d31b91d1498621479926ee5f8ea5056702e_arm64"
        },
        "product_reference": "network-observability/network-observability-operator-bundle@sha256:fc26b4d8bcba231af681b5b148572d31b91d1498621479926ee5f8ea5056702e_arm64",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-rhel9-operator@sha256:3f5bc47665e0ee6eb3a9d1f500e4592fb79c8fc42bcd11685f15f046906512fb_arm64 as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:3f5bc47665e0ee6eb3a9d1f500e4592fb79c8fc42bcd11685f15f046906512fb_arm64"
        },
        "product_reference": "network-observability/network-observability-rhel9-operator@sha256:3f5bc47665e0ee6eb3a9d1f500e4592fb79c8fc42bcd11685f15f046906512fb_arm64",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-rhel9-operator@sha256:59e8c9627d5cd581a4d1a77d875a9754709bbb05a530b5893ee70460a9b8c7a2_amd64 as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:59e8c9627d5cd581a4d1a77d875a9754709bbb05a530b5893ee70460a9b8c7a2_amd64"
        },
        "product_reference": "network-observability/network-observability-rhel9-operator@sha256:59e8c9627d5cd581a4d1a77d875a9754709bbb05a530b5893ee70460a9b8c7a2_amd64",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-rhel9-operator@sha256:61728634fb37058c60c0942103eaf64aded578d9d5fe3c2bac2d55d569b5a553_s390x as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:61728634fb37058c60c0942103eaf64aded578d9d5fe3c2bac2d55d569b5a553_s390x"
        },
        "product_reference": "network-observability/network-observability-rhel9-operator@sha256:61728634fb37058c60c0942103eaf64aded578d9d5fe3c2bac2d55d569b5a553_s390x",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "network-observability/network-observability-rhel9-operator@sha256:d5ae40575fff6b91173d2ca9c05015e2a9a0134532d3ddeb78ba8a33eaf30515_ppc64le as a component of NETOBSERV 1.5 for RHEL 9",
          "product_id": "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:d5ae40575fff6b91173d2ca9c05015e2a9a0134532d3ddeb78ba8a33eaf30515_ppc64le"
        },
        "product_reference": "network-observability/network-observability-rhel9-operator@sha256:d5ae40575fff6b91173d2ca9c05015e2a9a0134532d3ddeb78ba8a33eaf30515_ppc64le",
        "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.5.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26159",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2024-01-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:44b139d80784617055688a85a1257a6b29dd337281be23ad70bb431bd4bddd37_s390x",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:9eb9f3de0debd6c29c44512b447d917a4439f552ac913763565d5011a5ea4bfb_amd64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d22a932d5cfbe8e79542ad4d718f09724bd6a37ced80ac29b7d9c8c9dc2148cd_arm64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f456e8892837b334436ce9417364fbca1c00395e54fa9b8a82b97e0bd1a311ba_ppc64le",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:0e8486070198313ee1ec61bb515a2c2479ccefcd497d1e3d8deee66e05642db7_arm64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:514cfc58f43b4e9a544d8c49ba595f17e423fca99b0cdad7022983cdbba206e2_ppc64le",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bfef12fb923f1d49daa1d0209834f89ae42455deb7576ccd7257deb6bb083f5f_s390x",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:ceea44928d9c0a31ee2ace2b66c470666a3be9795921f3ca18e2c101025dab57_amd64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:54265e4e7303a2360e93b08a562a6adb9ea56440ad5f44c9b17344215520a16a_ppc64le",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:c97aff3b0ed506b2a1e34c1b22878dc42c6ef3ebf03b73147e8879e23ab5f8af_amd64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:e9e9c7032c1cb1c613fc7bde020b2f281d9509441f093754c55127cc54112d57_s390x",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:fc26b4d8bcba231af681b5b148572d31b91d1498621479926ee5f8ea5056702e_arm64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:3f5bc47665e0ee6eb3a9d1f500e4592fb79c8fc42bcd11685f15f046906512fb_arm64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:59e8c9627d5cd581a4d1a77d875a9754709bbb05a530b5893ee70460a9b8c7a2_amd64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:61728634fb37058c60c0942103eaf64aded578d9d5fe3c2bac2d55d569b5a553_s390x",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:d5ae40575fff6b91173d2ca9c05015e2a9a0134532d3ddeb78ba8a33eaf30515_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2256413"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "follow-redirects is a transitive dependency of Grafana, and does not affect Red Hat Enterprise Linux 8.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:0335cfa3eef8bd0a23af93c1dd0db1eb587b1e32ef3f6c634b6582655a73d47a_ppc64le",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:089af8c30c1e0f417859fbd1ea2e2c789b1b2cc63e83ff36b7e8080197ea3f27_s390x",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:200a01e89cfaab556fb22a4a01cc25df0746998c3d2cce6a6fc9d43cecb23490_arm64",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:78d96d58fd232fee462a60a8fb71293e7cdbe93cb4437459497e87ff24f55ec3_amd64"
        ],
        "known_not_affected": [
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:44b139d80784617055688a85a1257a6b29dd337281be23ad70bb431bd4bddd37_s390x",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:9eb9f3de0debd6c29c44512b447d917a4439f552ac913763565d5011a5ea4bfb_amd64",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d22a932d5cfbe8e79542ad4d718f09724bd6a37ced80ac29b7d9c8c9dc2148cd_arm64",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f456e8892837b334436ce9417364fbca1c00395e54fa9b8a82b97e0bd1a311ba_ppc64le",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:0e8486070198313ee1ec61bb515a2c2479ccefcd497d1e3d8deee66e05642db7_arm64",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:514cfc58f43b4e9a544d8c49ba595f17e423fca99b0cdad7022983cdbba206e2_ppc64le",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bfef12fb923f1d49daa1d0209834f89ae42455deb7576ccd7257deb6bb083f5f_s390x",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:ceea44928d9c0a31ee2ace2b66c470666a3be9795921f3ca18e2c101025dab57_amd64",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:54265e4e7303a2360e93b08a562a6adb9ea56440ad5f44c9b17344215520a16a_ppc64le",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:c97aff3b0ed506b2a1e34c1b22878dc42c6ef3ebf03b73147e8879e23ab5f8af_amd64",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:e9e9c7032c1cb1c613fc7bde020b2f281d9509441f093754c55127cc54112d57_s390x",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:fc26b4d8bcba231af681b5b148572d31b91d1498621479926ee5f8ea5056702e_arm64",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:3f5bc47665e0ee6eb3a9d1f500e4592fb79c8fc42bcd11685f15f046906512fb_arm64",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:59e8c9627d5cd581a4d1a77d875a9754709bbb05a530b5893ee70460a9b8c7a2_amd64",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:61728634fb37058c60c0942103eaf64aded578d9d5fe3c2bac2d55d569b5a553_s390x",
          "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:d5ae40575fff6b91173d2ca9c05015e2a9a0134532d3ddeb78ba8a33eaf30515_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26159"
        },
        {
          "category": "external",
          "summary": "RHBZ#2256413",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26159",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159"
        }
      ],
      "release_date": "2024-01-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-21T13:32:07+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:0335cfa3eef8bd0a23af93c1dd0db1eb587b1e32ef3f6c634b6582655a73d47a_ppc64le",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:089af8c30c1e0f417859fbd1ea2e2c789b1b2cc63e83ff36b7e8080197ea3f27_s390x",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:200a01e89cfaab556fb22a4a01cc25df0746998c3d2cce6a6fc9d43cecb23490_arm64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:78d96d58fd232fee462a60a8fb71293e7cdbe93cb4437459497e87ff24f55ec3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0853"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:0335cfa3eef8bd0a23af93c1dd0db1eb587b1e32ef3f6c634b6582655a73d47a_ppc64le",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:089af8c30c1e0f417859fbd1ea2e2c789b1b2cc63e83ff36b7e8080197ea3f27_s390x",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:200a01e89cfaab556fb22a4a01cc25df0746998c3d2cce6a6fc9d43cecb23490_arm64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:78d96d58fd232fee462a60a8fb71293e7cdbe93cb4437459497e87ff24f55ec3_amd64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:44b139d80784617055688a85a1257a6b29dd337281be23ad70bb431bd4bddd37_s390x",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:9eb9f3de0debd6c29c44512b447d917a4439f552ac913763565d5011a5ea4bfb_amd64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d22a932d5cfbe8e79542ad4d718f09724bd6a37ced80ac29b7d9c8c9dc2148cd_arm64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f456e8892837b334436ce9417364fbca1c00395e54fa9b8a82b97e0bd1a311ba_ppc64le",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:0e8486070198313ee1ec61bb515a2c2479ccefcd497d1e3d8deee66e05642db7_arm64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:514cfc58f43b4e9a544d8c49ba595f17e423fca99b0cdad7022983cdbba206e2_ppc64le",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bfef12fb923f1d49daa1d0209834f89ae42455deb7576ccd7257deb6bb083f5f_s390x",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:ceea44928d9c0a31ee2ace2b66c470666a3be9795921f3ca18e2c101025dab57_amd64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:54265e4e7303a2360e93b08a562a6adb9ea56440ad5f44c9b17344215520a16a_ppc64le",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:c97aff3b0ed506b2a1e34c1b22878dc42c6ef3ebf03b73147e8879e23ab5f8af_amd64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:e9e9c7032c1cb1c613fc7bde020b2f281d9509441f093754c55127cc54112d57_s390x",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-operator-bundle@sha256:fc26b4d8bcba231af681b5b148572d31b91d1498621479926ee5f8ea5056702e_arm64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:3f5bc47665e0ee6eb3a9d1f500e4592fb79c8fc42bcd11685f15f046906512fb_arm64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:59e8c9627d5cd581a4d1a77d875a9754709bbb05a530b5893ee70460a9b8c7a2_amd64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:61728634fb37058c60c0942103eaf64aded578d9d5fe3c2bac2d55d569b5a553_s390x",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-rhel9-operator@sha256:d5ae40575fff6b91173d2ca9c05015e2a9a0134532d3ddeb78ba8a33eaf30515_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:0335cfa3eef8bd0a23af93c1dd0db1eb587b1e32ef3f6c634b6582655a73d47a_ppc64le",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:089af8c30c1e0f417859fbd1ea2e2c789b1b2cc63e83ff36b7e8080197ea3f27_s390x",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:200a01e89cfaab556fb22a4a01cc25df0746998c3d2cce6a6fc9d43cecb23490_arm64",
            "9Base-NETWORK-OBSERVABILITY-1.5.0:network-observability/network-observability-console-plugin-rhel9@sha256:78d96d58fd232fee462a60a8fb71293e7cdbe93cb4437459497e87ff24f55ec3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()"
    }
  ]
}

cve-2023-26159

Vulnerability from cvelistv5

Published

2024-01-02 05:00

Modified

2024-08-02 11:39

Severity ?

7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P

Summary

Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.

References

▼	URL	Tags
	https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137
	https://github.com/follow-redirects/follow-redirects/issues/235
	https://github.com/follow-redirects/follow-redirects/pull/236
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM/

Impacted products

▼	Vendor	Product
	n/a	follow-redirects

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:39:06.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/follow-redirects/follow-redirects/issues/235"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/follow-redirects/follow-redirects/pull/236"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "follow-redirects",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "1.15.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Kim Donggyu"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-02T05:00:00.659Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137"
        },
        {
          "url": "https://github.com/follow-redirects/follow-redirects/issues/235"
        },
        {
          "url": "https://github.com/follow-redirects/follow-redirects/pull/236"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2023-26159",
    "datePublished": "2024-01-02T05:00:00.659Z",
    "dateReserved": "2023-02-20T10:28:48.931Z",
    "dateUpdated": "2024-08-02T11:39:06.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted