rhsa-2024_0989
Vulnerability from csaf_redhat
Published
2024-02-26 17:29
Modified
2024-12-17 17:28
Summary
Red Hat Security Advisory: Red Hat Multicluster GlobalHub 1.0.2 bug fixes and security updates
Notes
Topic
Red Hat Multicluster GlobalHub 1.0.2 General
Availability release images, which fix bugs, provide security updates, and update container images.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Multicluster GlobalHub 1.0.2 images
This advisory contains the container images for Red Hat Multicluster
GlobalHub, which fix several bugs.
Security fix(es):
CVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS on
go-git clients
CVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to path
traversal and RCE on go-git clients
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Multicluster GlobalHub 1.0.2 General\nAvailability release images, which fix bugs, provide security updates, and update container images.\n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Multicluster GlobalHub 1.0.2 images\n\nThis advisory contains the container images for Red Hat Multicluster\nGlobalHub, which fix several bugs.\n\nSecurity fix(es):\nCVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS on\ngo-git clients\nCVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to path\ntraversal and RCE on go-git clients", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0989", "url": "https://access.redhat.com/errata/RHSA-2024:0989" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "2258143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258143" }, { "category": "external", "summary": "2258165", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258165" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0989.json" } ], "title": "Red Hat Security Advisory: Red Hat Multicluster GlobalHub 1.0.2 bug fixes and security updates", "tracking": { "current_release_date": "2024-12-17T17:28:02+00:00", "generator": { "date": "2024-12-17T17:28:02+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:0989", "initial_release_date": "2024-02-26T17:29:54+00:00", "revision_history": [ { "date": "2024-02-26T17:29:54+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-02-26T17:29:54+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T17:28:02+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "multicluster-globalhub 1.0 for RHEL 8", "product": { "name": "multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:multicluster_globalhub:1.0::el8" } } } ], "category": "product_family", "name": "multicluster-globalhub" }, { "branches": [ { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984_arm64", "product": { "name": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984_arm64", "product_id": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984_arm64", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel8\u0026tag=v1.0.2-4" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002_arm64", "product": { "name": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002_arm64", "product_id": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002_arm64", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel8\u0026tag=v1.0.2-4" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05_arm64", "product": { "name": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05_arm64", "product_id": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05_arm64", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel8\u0026tag=v1.0.2-4" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626_arm64", "product": { "name": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626_arm64", "product_id": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626_arm64", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle\u0026tag=v1.0.2-8" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030_arm64", "product": { "name": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030_arm64", "product_id": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030_arm64", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel8-operator\u0026tag=v1.0.2-4" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e_s390x", "product": { "name": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e_s390x", "product_id": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e_s390x", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel8\u0026tag=v1.0.2-4" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb_s390x", "product": { "name": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb_s390x", "product_id": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb_s390x", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel8\u0026tag=v1.0.2-4" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be_s390x", "product": { "name": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be_s390x", "product_id": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be_s390x", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel8\u0026tag=v1.0.2-4" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30_s390x", "product": { "name": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30_s390x", "product_id": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30_s390x", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle\u0026tag=v1.0.2-8" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41_s390x", "product": { "name": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41_s390x", "product_id": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41_s390x", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel8-operator\u0026tag=v1.0.2-4" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149_amd64", "product": { "name": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149_amd64", "product_id": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149_amd64", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel8\u0026tag=v1.0.2-4" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48_amd64", "product": { "name": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48_amd64", "product_id": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48_amd64", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel8\u0026tag=v1.0.2-4" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f_amd64", "product": { "name": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f_amd64", "product_id": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f_amd64", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel8\u0026tag=v1.0.2-4" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1_amd64", "product": { "name": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1_amd64", "product_id": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1_amd64", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle\u0026tag=v1.0.2-8" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610_amd64", "product": { "name": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610_amd64", "product_id": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610_amd64", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel8-operator\u0026tag=v1.0.2-4" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10_ppc64le", "product": { "name": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10_ppc64le", "product_id": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10_ppc64le", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel8\u0026tag=v1.0.2-4" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f_ppc64le", "product": { "name": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f_ppc64le", "product_id": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel8\u0026tag=v1.0.2-4" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b_ppc64le", "product": { "name": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b_ppc64le", "product_id": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel8\u0026tag=v1.0.2-4" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79_ppc64le", "product": { "name": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79_ppc64le", "product_id": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79_ppc64le", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle\u0026tag=v1.0.2-8" } } }, { "category": "product_version", "name": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5_ppc64le", "product": { "name": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5_ppc64le", "product_id": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel8-operator\u0026tag=v1.0.2-4" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10_ppc64le as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10_ppc64le" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10_ppc64le", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984_arm64 as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984_arm64" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984_arm64", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e_s390x as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e_s390x" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e_s390x", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149_amd64 as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149_amd64" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149_amd64", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f_ppc64le as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f_ppc64le" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f_ppc64le", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb_s390x as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb_s390x" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb_s390x", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48_amd64 as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48_amd64" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48_amd64", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002_arm64 as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002_arm64" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002_arm64", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05_arm64 as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05_arm64" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05_arm64", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f_amd64 as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f_amd64" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f_amd64", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be_s390x as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be_s390x" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be_s390x", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b_ppc64le as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b_ppc64le" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b_ppc64le", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79_ppc64le as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79_ppc64le" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79_ppc64le", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1_amd64 as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1_amd64" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1_amd64", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30_s390x as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30_s390x" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30_s390x", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626_arm64 as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626_arm64" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626_arm64", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030_arm64 as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030_arm64" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030_arm64", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41_s390x as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41_s390x" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41_s390x", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5_ppc64le as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5_ppc64le" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5_ppc64le", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610_amd64 as a component of multicluster-globalhub 1.0 for RHEL 8", "product_id": "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610_amd64" }, "product_reference": "multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610_amd64", "relates_to_product_reference": "8Base-multicluster-globalhub-1.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-49568", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-01-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2258165" } ], "notes": [ { "category": "description", "text": "A denial of service (DoS) vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "go-git: Maliciously crafted Git server replies can cause DoS on go-git clients", "title": "Vulnerability summary" }, { "category": "other", "text": "This problem only affects the go implementation and not the original git cli code. Applications using only in-memory filesystems are not affected by this issue. Clients should be limited to connect to only trusted git servers to reduce the risk of compromise.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002_arm64" ], "known_not_affected": [ "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-49568" }, { "category": "external", "summary": "RHBZ#2258165", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258165" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-49568", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49568" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-49568", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49568" }, { "category": "external", "summary": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r", "url": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r" } ], "release_date": "2023-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-26T17:29:54+00:00", "details": "See the multicluster global hub product documentation for more information:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html-single/multicluster_global_hub/index", "product_ids": [ "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0989" }, { "category": "workaround", "details": "In cases where a bump to the latest version of go-git is not possible, a recommendation to reduce the exposure of this threat is limiting its use to only trust-worthy Git servers.", "product_ids": [ "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "go-git: Maliciously crafted Git server replies can cause DoS on go-git clients" }, { "cve": "CVE-2023-49569", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-01-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2258143" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was discovered in the go library go-git. This issue may allow an attacker to create and amend files across the filesystem when applications are using the default ChrootOS, potentially allowing remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients", "title": "Vulnerability summary" }, { "category": "other", "text": "This problem only affects the go implementation and not the original git cli code. Applications using BoundOS or in-memory filesystems are not affected by this issue. Clients should be limited to connect to only trusted git servers to reduce the risk of compromise.\n\nIn OpenShift Container Platform (OCP) the vulnerable github.com/go-git/go-git/v5 Go package is used as a dependency in many components where the vulnerable function is not used, hence the impact by this vulnerability is reduced to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002_arm64" ], "known_not_affected": [ "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-49569" }, { "category": "external", "summary": "RHBZ#2258143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258143" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-49569", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49569" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-49569", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49569" }, { "category": "external", "summary": "https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88", "url": "https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-26T17:29:54+00:00", "details": "See the multicluster global hub product documentation for more information:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html-single/multicluster_global_hub/index", "product_ids": [ "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0989" }, { "category": "workaround", "details": "In cases where a bump to the latest version of go-git is not possible, a recommendation to reduce the exposure of this threat is limiting its use to only trust-worthy Git servers.", "product_ids": [ "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:3856accbfd9453a8253813bd7fda28ecc45fbba913d84ce581ecf0ee833a2d10_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:7cdf3e359221dd5eb8117d7a77489e5c4bbb604c88cf89a66487572d58b9a984_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:b717e41d0da207d3c408db45e45b9f1e04c571a8aeec660666940d915e8f210e_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-agent-rhel8@sha256:c1011210a5c32f870c0ee6e6f8b4af714b9a95f54cf66af34a6046d5de578149_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:1ef76a11be828aca4ec0c632f3150ee87428135b32917d7234990eb80b1f057f_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:2544b98f04ec7be5351670499b24a034c11ced5044f8b1db2ed67da6fcdcbdcb_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:8cbc93892f0d202f3d3e98a8f03c24cf83919e0d5bc1a4bdd9896720ab2f3b48_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-grafana-rhel8@sha256:d85e4abab1e6067d4aa9bdc74a12aafea6c27cbd82f53955ad99dbd61c720002_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:1fdaef37f9b43786044694d0c14a7e9673c2979dc61c3eac6891dd16bb299f05_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:4d0e300ebb675736a90c2afbf63e67138e8d5ec03f09401001a8ea889e07909f_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:980cd17ffd8e2c5b440b27957ee863347af0d0ab8a29451c568340dfc04897be_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-manager-rhel8@sha256:ff5527dcf070add76f0a38ae8a0c4c7bc4c5866b4ac0d8b7af0358299c65131b_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3a7d4c1c9681c837d4fd1f83a344cd763d2f7928df365fe81a3b8096d8515a79_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:491e2428d5ab542091b932e9e9100bbaf35dee9a0e0b13182d0a0170c5437fa1_amd64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:86a5ca45c59b1d8944487730e5d2ab29665571e2f56948c6fb2c461a672a6d30_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:aa5e7542350f54ee877a526e83bcd942d56609773bfb815343a9632a122eb626_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:0bac21dc461441dc30eada20eeb6569f13b9e0b1a3e84c206cea02d6264ea030_arm64", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:720c4f4b325dc1bc6b66baa78f82173772866e059372eab5203b54f9b179bd41_s390x", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:86f971a709a18d87c02e9592bc6cff966021dcdff8138e768547d01b7faa5ff5_ppc64le", "8Base-multicluster-globalhub-1.0:multicluster-globalhub/multicluster-globalhub-rhel8-operator@sha256:ad303a09ce533484937299ba9441b8310f87b6963766b318a2f726f0dd94b610_amd64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.