rhsa-2024_4520
Vulnerability from csaf_redhat
Published
2024-07-11 17:32
Modified
2024-09-18 13:44
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.16 security and bug fix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.7.16 is now available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)
* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.7.16 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\n* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)\n\n* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)\n\n* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)\n\n* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)\n\n* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4520",
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "2272986",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272986"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4520.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.16 security and bug fix update",
"tracking": {
"current_release_date": "2024-09-18T13:44:47+00:00",
"generator": {
"date": "2024-09-18T13:44:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2024:4520",
"initial_release_date": "2024-07-11T17:32:34+00:00",
"revision_history": [
{
"date": "2024-07-11T17:32:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-11T17:32:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-18T13:44:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.7",
"product": {
"name": "8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.16-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"product": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.16-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.16-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.16-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.16-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"product": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.16-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"product": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.16-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.16-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.16-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.16-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.16-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.16-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.16-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.16-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.16-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.16-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.16-5"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64"
},
"product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64"
},
"product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64"
},
"product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This issue permitted a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
},
{
"cve": "CVE-2024-24784",
"cwe": {
"id": "CWE-115",
"name": "Misinterpretation of Input"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268021"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/mail: comments in display names are incorrectly handled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24784"
},
{
"category": "external",
"summary": "RHBZ#2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/mail: comments in display names are incorrectly handled"
},
{
"cve": "CVE-2024-24785",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: errors returned from MarshalJSON methods may break template escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24785"
},
{
"category": "external",
"summary": "RHBZ#2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785"
},
{
"category": "external",
"summary": "https://go.dev/cl/564196",
"url": "https://go.dev/cl/564196"
},
{
"category": "external",
"summary": "https://go.dev/issue/65697",
"url": "https://go.dev/issue/65697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2024-2610.json",
"url": "https://vuln.go.dev/ID/GO-2024-2610.json"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping"
},
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
},
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2024-30255",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"discovery_date": "2024-04-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2272986"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in how Envoy Proxy implements the HTTP/2 codec. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute resources to cause a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream Envoy. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30255"
},
{
"category": "external",
"summary": "RHBZ#2272986",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272986"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30255"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30255",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30255"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood"
}
]
}
Loading...