rhsa-2024_3868
Vulnerability from csaf_redhat
Published
2024-06-17 00:43
Modified
2024-11-06 22:08
Summary
Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift
Notes
Topic
Network Observability 1.6 for Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Network Observability 1.6.0
Security Fix(es):
* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak
* CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
* CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function
* CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
* CVE-2024-28849 follow-redirects: Possible credential leak
* CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
* CVE-2023-45289 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
* CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm
* CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping
* CVE-2024-29041 express: cause malformed URLs to be evaluated [noo-1]
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Network Observability 1.6 for Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Network Observability 1.6.0\n\nSecurity Fix(es):\n\n* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak\n* CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON\n* CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function\n* CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests\n* CVE-2024-28849 follow-redirects: Possible credential leak\n* CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm\n* CVE-2023-45289 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect\n* CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm\n* CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping\n* CVE-2024-29041 express: cause malformed URLs to be evaluated [noo-1]\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:3868", "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2253330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330" }, { "category": "external", "summary": "2265161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161" }, { "category": "external", "summary": "2268017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017" }, { "category": "external", "summary": "2268018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018" }, { "category": "external", "summary": "2268019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019" }, { "category": "external", "summary": "2268022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022" }, { "category": "external", "summary": "2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "2269576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576" }, { "category": "external", "summary": "2270863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863" }, { "category": "external", "summary": "2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "external", "summary": "NETOBSERV-1279", "url": "https://issues.redhat.com/browse/NETOBSERV-1279" }, { "category": "external", "summary": "NETOBSERV-1408", "url": "https://issues.redhat.com/browse/NETOBSERV-1408" }, { "category": "external", "summary": "NETOBSERV-1424", "url": "https://issues.redhat.com/browse/NETOBSERV-1424" }, { "category": "external", "summary": "NETOBSERV-1453", "url": "https://issues.redhat.com/browse/NETOBSERV-1453" }, { "category": "external", "summary": "NETOBSERV-1459", "url": "https://issues.redhat.com/browse/NETOBSERV-1459" }, { "category": "external", "summary": "NETOBSERV-1462", "url": "https://issues.redhat.com/browse/NETOBSERV-1462" }, { "category": "external", "summary": "NETOBSERV-1544", "url": "https://issues.redhat.com/browse/NETOBSERV-1544" }, { "category": "external", "summary": "NETOBSERV-1598", "url": "https://issues.redhat.com/browse/NETOBSERV-1598" }, { "category": "external", "summary": "NETOBSERV-1606", "url": "https://issues.redhat.com/browse/NETOBSERV-1606" }, { "category": "external", "summary": "NETOBSERV-1607", "url": "https://issues.redhat.com/browse/NETOBSERV-1607" }, { "category": "external", "summary": "NETOBSERV-1621", "url": "https://issues.redhat.com/browse/NETOBSERV-1621" }, { "category": "external", "summary": "NETOBSERV-1630", "url": "https://issues.redhat.com/browse/NETOBSERV-1630" }, { "category": "external", "summary": "NETOBSERV-1647", "url": "https://issues.redhat.com/browse/NETOBSERV-1647" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3868.json" } ], "title": "Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift", "tracking": { "current_release_date": "2024-11-06T22:08:50+00:00", "generator": { "date": "2024-11-06T22:08:50+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:3868", "initial_release_date": "2024-06-17T00:43:37+00:00", "revision_history": [ { "date": "2024-06-17T00:43:37+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-17T00:43:37+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T22:08:50+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "NETOBSERV 1.6 for RHEL 9", "product": { "name": "NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_observ_optr:1.6.0::el9" } } } ], "category": "product_family", "name": "Network Observability" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "product_id": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "product_id": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "product_id": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "product_id": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "product_id": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "product_id": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "product_id": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "product_id": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", "product_id": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "product_id": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "product_id": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "product_id": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-39326", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2253330" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39326" }, { "category": "external", "summary": "RHBZ#2253330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39326", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39326" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2382", "url": "https://pkg.go.dev/vuln/GO-2023-2382" } ], "release_date": "2023-12-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "No mitigation is available for this flaw.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests" }, { "cve": "CVE-2023-42282", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2265161" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ip: arbitrary code execution via the isPublic() function", "title": "Vulnerability summary" }, { "category": "other", "text": "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it\u0027s categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-42282" }, { "category": "external", "summary": "RHBZ#2265161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-42282", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282" }, { "category": "external", "summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs-ip: arbitrary code execution via the isPublic() function" }, { "cve": "CVE-2023-45289", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268018" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-45289" }, { "category": "external", "summary": "RHBZ#2268018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45289" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect" }, { "cve": "CVE-2023-45290", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268017" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-45290" }, { "category": "external", "summary": "RHBZ#2268017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45290" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4", "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" }, { "category": "external", "summary": "https://go.dev/cl/569341", "url": "https://go.dev/cl/569341" }, { "category": "external", "summary": "https://go.dev/issue/65383", "url": "https://go.dev/issue/65383" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2599", "url": "https://pkg.go.dev/vuln/GO-2024-2599" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240329-0004", "url": "https://security.netapp.com/advisory/ntap-20240329-0004" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm" }, { "cve": "CVE-2024-24783", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268019" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24783" }, { "category": "external", "summary": "RHBZ#2268019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24783" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4", "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", "url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp" }, { "category": "external", "summary": "https://go.dev/cl/569339", "url": "https://go.dev/cl/569339" }, { "category": "external", "summary": "https://go.dev/issue/65390", "url": "https://go.dev/issue/65390" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2598", "url": "https://pkg.go.dev/vuln/GO-2024-2598" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240329-0005", "url": "https://security.netapp.com/advisory/ntap-20240329-0005" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm" }, { "cve": "CVE-2024-24785", "cwe": { "id": "CWE-74", "name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go\u0027s html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24785" }, { "category": "external", "summary": "RHBZ#2268022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785" }, { "category": "external", "summary": "https://go.dev/cl/564196", "url": "https://go.dev/cl/564196" }, { "category": "external", "summary": "https://go.dev/issue/65697", "url": "https://go.dev/issue/65697" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2024-2610.json", "url": "https://vuln.go.dev/ID/GO-2024-2610.json" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping" }, { "cve": "CVE-2024-24786", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268046" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24786" }, { "category": "external", "summary": "RHBZ#2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786" }, { "category": "external", "summary": "https://go.dev/cl/569356", "url": "https://go.dev/cl/569356" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2611", "url": "https://pkg.go.dev/vuln/GO-2024-2611" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON" }, { "cve": "CVE-2024-28849", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2269576" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "follow-redirects: Possible credential leak", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28849" }, { "category": "external", "summary": "RHBZ#2269576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849" }, { "category": "external", "summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", "url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp" } ], "release_date": "2024-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "follow-redirects: Possible credential leak" }, { "cve": "CVE-2024-29041", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2024-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2290901" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: cause malformed URLs to be evaluated", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29041" }, { "category": "external", "summary": "RHBZ#2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041" }, { "category": "external", "summary": "https://expressjs.com/en/4x/api.html#res.location", "url": "https://expressjs.com/en/4x/api.html#res.location" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "category": "external", "summary": "https://github.com/expressjs/express/pull/5539", "url": "https://github.com/expressjs/express/pull/5539" }, { "category": "external", "summary": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "category": "external", "summary": "https://github.com/koajs/koa/issues/1800", "url": "https://github.com/koajs/koa/issues/1800" } ], "release_date": "2024-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "express: cause malformed URLs to be evaluated" }, { "cve": "CVE-2024-29180", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270863" } ], "notes": [ { "category": "description", "text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", "title": "Vulnerability description" }, { "category": "summary", "text": "webpack-dev-middleware: lack of URL validation may lead to file leak", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29180" }, { "category": "external", "summary": "RHBZ#2270863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180" }, { "category": "external", "summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", "url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6" } ], "release_date": "2024-03-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "webpack-dev-middleware: lack of URL validation may lead to file leak" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.