rhsa-2024_3919
Vulnerability from csaf_redhat
Published
2024-06-13 11:37
Modified
2024-11-06 06:09
Summary
Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update
Notes
Topic
Migration Toolkit for Runtimes 1.2.6 release
Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Migration Toolkit for Runtimes 1.2.6 Images
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)
* jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)
* css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)
* css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)
* keycloak: path transversal in redirection validation (CVE-2024-1132)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Migration Toolkit for Runtimes 1.2.6 release\nRed Hat Product Security has rated this update as having a security impact of Important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Migration Toolkit for Runtimes 1.2.6 Images\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)\n* jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)\n* css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)\n* css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)\n* keycloak: path transversal in redirection validation (CVE-2024-1132)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:3919", "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "2239630", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630" }, { "category": "external", "summary": "2250364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250364" }, { "category": "external", "summary": "2254559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254559" }, { "category": "external", "summary": "2262117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3919.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update", "tracking": { "current_release_date": "2024-11-06T06:09:08+00:00", "generator": { "date": "2024-11-06T06:09:08+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:3919", "initial_release_date": "2024-06-13T11:37:27+00:00", "revision_history": [ { "date": "2024-06-13T11:37:27+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-13T11:37:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T06:09:08+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Migration Toolkit for Runtimes 1 on RHEL 8", "product": { "name": "Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1", "product_identification_helper": { "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" } } } ], "category": "product_family", "name": "Migration Toolkit for Runtimes" }, { "branches": [ { "category": "product_version", "name": "mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "product": { "name": "mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "product_id": "mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "product_identification_helper": { "purl": "pkg:oci/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-23" } } }, { "category": "product_version", "name": "mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "product": { "name": "mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "product_id": "mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "product_identification_helper": { "purl": "pkg:oci/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-15" } } }, { "category": "product_version", "name": "mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "product": { "name": "mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "product_id": "mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "product_identification_helper": { "purl": "pkg:oci/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-16" } } }, { "category": "product_version", "name": "mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "product": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "product_identification_helper": { "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-14" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "product": { "name": "mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "product_id": "mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "product_identification_helper": { "purl": "pkg:oci/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-23" } } }, { "category": "product_version", "name": "mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "product": { "name": "mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "product_id": "mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "product_identification_helper": { "purl": "pkg:oci/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-15" } } }, { "category": "product_version", "name": "mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "product": { "name": "mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "product_id": "mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "product_identification_helper": { "purl": "pkg:oci/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-16" } } }, { "category": "product_version", "name": "mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "product": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "product_identification_helper": { "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-14" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "product": { "name": "mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "product_id": "mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "product_identification_helper": { "purl": "pkg:oci/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-23" } } }, { "category": "product_version", "name": "mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "product": { "name": "mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "product_id": "mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "product_identification_helper": { "purl": "pkg:oci/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-15" } } }, { "category": "product_version", "name": "mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64", "product": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64", "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64", "product_identification_helper": { "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-14" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "product": { "name": "mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "product_id": "mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-23" } } }, { "category": "product_version", "name": "mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "product": { "name": "mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "product_id": "mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-15" } } }, { "category": "product_version", "name": "mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "product": { "name": "mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "product_id": "mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-16" } } }, { "category": "product_version", "name": "mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "product": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-14" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64" }, "product_reference": "mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x" }, "product_reference": "mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64" }, "product_reference": "mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le" }, "product_reference": "mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64" }, "product_reference": "mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64" }, "product_reference": "mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le" }, "product_reference": "mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x" }, "product_reference": "mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64" }, "product_reference": "mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x" }, "product_reference": "mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le" }, "product_reference": "mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le" }, "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x" }, "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64" }, "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" }, "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64", "relates_to_product_reference": "8Base-MTR-1" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Ankur Sundara" ] } ], "cve": "CVE-2023-4639", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2166022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Cookie Smuggling/Spoofing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4639" }, { "category": "external", "summary": "RHBZ#2166022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4639" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-13T11:37:27+00:00", "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Cookie Smuggling/Spoofing" }, { "cve": "CVE-2023-26364", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2250364" } ], "notes": [ { "category": "description", "text": "A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment.", "title": "Vulnerability description" }, { "category": "summary", "text": "css-tools: Improper Input Validation causes Denial of Service via Regular Expression", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26364" }, { "category": "external", "summary": "RHBZ#2250364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26364", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26364" }, { "category": "external", "summary": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg", "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg" } ], "release_date": "2023-11-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-13T11:37:27+00:00", "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "category": "workaround", "details": "No mitigation is yet available for this vulnerability.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "css-tools: Improper Input Validation causes Denial of Service via Regular Expression" }, { "cve": "CVE-2023-36479", "cwe": { "id": "CWE-149", "name": "Improper Neutralization of Quoting Syntax" }, "discovery_date": "2023-09-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2239630" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty\u0027s CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: Improper addition of quotation marks to user inputs in CgiServlet", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-36479" }, { "category": "external", "summary": "RHBZ#2239630", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-36479", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36479" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479" } ], "release_date": "2023-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-13T11:37:27+00:00", "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jetty: Improper addition of quotation marks to user inputs in CgiServlet" }, { "cve": "CVE-2023-48631", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254559" } ], "notes": [ { "category": "description", "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in Adobe\u0027s css-tools when parsing CSS. This issue occurs due to improper input validation and may allow an attacker to use a carefully crafted input string to cause a denial of service, especially when attempting to parse CSS.", "title": "Vulnerability description" }, { "category": "summary", "text": "css-tools: regular expression denial of service (ReDoS) when parsing CSS", "title": "Vulnerability summary" }, { "category": "other", "text": "The Regular Expression Denial of Service (ReDoS) vulnerability in css-tools, triggered by improper input validation when parsing CSS, is considered of moderate severity. While it can lead to a denial of service by causing the application to become unresponsive, the impact is limited to scenarios where an attacker can provide crafted input. Additionally, the absence of evidence of active exploitation in the wild and contextual factors, such as the software\u0027s usage, contribute to the moderate severity rating.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48631" }, { "category": "external", "summary": "RHBZ#2254559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254559" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48631", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48631" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48631", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48631" }, { "category": "external", "summary": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2", "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2" } ], "release_date": "2023-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-13T11:37:27+00:00", "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "css-tools: regular expression denial of service (ReDoS) when parsing CSS" }, { "acknowledgments": [ { "names": [ "Axel Flamcourt" ] } ], "cve": "CVE-2024-1132", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2262117" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: path transversal in redirection validation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution, but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason, Quarkus is marked as having a Low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1132" }, { "category": "external", "summary": "RHBZ#2262117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1132", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1132" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-13T11:37:27+00:00", "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "category": "workaround", "details": "No current mitigation is available for this vulnerability.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: path transversal in redirection validation" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.