csaf_redhat - rhsa-2024

rhsa-2024_4865

Vulnerability from csaf_redhat

Published

2024-07-25 10:40

Modified

2024-11-21 19:35

Summary

Red Hat Security Advisory: Red Hat Service Interconnect security update

Notes

Topic

An update is now available for Service Interconnect 1.4 LTS for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Security Fix(es): * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450) * skupper: potential authentication bypass to skupper console via forged cookies (CVE-2024-6535) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Service Interconnect 1.4 LTS for RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security Fix(es):\n\n* python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)\n\n* python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450)\n\n* skupper: potential authentication bypass to skupper console via forged cookies (CVE-2024-6535)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:4865",
        "url": "https://access.redhat.com/errata/RHSA-2024:4865"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_service_interconnect/1.4",
        "url": "https://docs.redhat.com/en/documentation/red_hat_service_interconnect/1.4"
      },
      {
        "category": "external",
        "summary": "2276518",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276518"
      },
      {
        "category": "external",
        "summary": "2276525",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276525"
      },
      {
        "category": "external",
        "summary": "2296024",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4865.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Service Interconnect security update",
    "tracking": {
      "current_release_date": "2024-11-21T19:35:53+00:00",
      "generator": {
        "date": "2024-11-21T19:35:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2024:4865",
      "initial_release_date": "2024-07-25T10:40:59+00:00",
      "revision_history": [
        {
          "date": "2024-07-25T10:40:59+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-07-25T10:40:59+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T19:35:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "9Base-Service-Interconnect-1.4",
                "product": {
                  "name": "9Base-Service-Interconnect-1.4",
                  "product_id": "9Base-Service-Interconnect-1.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Service Interconnect"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-config-sync-rhel9@sha256:b5f38e37a967fc4373bfca1dd7859dd8c236741e0bd1d08ffd368f5210adf9c0_amd64",
                "product": {
                  "name": "service-interconnect/skupper-config-sync-rhel9@sha256:b5f38e37a967fc4373bfca1dd7859dd8c236741e0bd1d08ffd368f5210adf9c0_amd64",
                  "product_id": "service-interconnect/skupper-config-sync-rhel9@sha256:b5f38e37a967fc4373bfca1dd7859dd8c236741e0bd1d08ffd368f5210adf9c0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-config-sync-rhel9@sha256:b5f38e37a967fc4373bfca1dd7859dd8c236741e0bd1d08ffd368f5210adf9c0?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-config-sync-rhel9\u0026tag=1.4.7-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e_amd64",
                "product": {
                  "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e_amd64",
                  "product_id": "service-interconnect/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-flow-collector-rhel9\u0026tag=1.4.7-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-operator-bundle@sha256:8dfcba321df37b69848ae80b106e00cf3ea0228a5e355ab033aa345140b14966_amd64",
                "product": {
                  "name": "service-interconnect/skupper-operator-bundle@sha256:8dfcba321df37b69848ae80b106e00cf3ea0228a5e355ab033aa345140b14966_amd64",
                  "product_id": "service-interconnect/skupper-operator-bundle@sha256:8dfcba321df37b69848ae80b106e00cf3ea0228a5e355ab033aa345140b14966_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-operator-bundle@sha256:8dfcba321df37b69848ae80b106e00cf3ea0228a5e355ab033aa345140b14966?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-operator-bundle\u0026tag=1.4.7-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64",
                "product": {
                  "name": "service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64",
                  "product_id": "service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-router-rhel9\u0026tag=2.4.3-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d_amd64",
                "product": {
                  "name": "service-interconnect/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d_amd64",
                  "product_id": "service-interconnect/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-service-controller-rhel9\u0026tag=1.4.7-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-site-controller-rhel9@sha256:866760e5ba2402b5d21ea92898a8a1e489ef09a3ac41dcd3847b512bfff0c9bd_amd64",
                "product": {
                  "name": "service-interconnect/skupper-site-controller-rhel9@sha256:866760e5ba2402b5d21ea92898a8a1e489ef09a3ac41dcd3847b512bfff0c9bd_amd64",
                  "product_id": "service-interconnect/skupper-site-controller-rhel9@sha256:866760e5ba2402b5d21ea92898a8a1e489ef09a3ac41dcd3847b512bfff0c9bd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-site-controller-rhel9@sha256:866760e5ba2402b5d21ea92898a8a1e489ef09a3ac41dcd3847b512bfff0c9bd?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-site-controller-rhel9\u0026tag=1.4.7-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-config-sync-rhel9@sha256:b5f38e37a967fc4373bfca1dd7859dd8c236741e0bd1d08ffd368f5210adf9c0_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:b5f38e37a967fc4373bfca1dd7859dd8c236741e0bd1d08ffd368f5210adf9c0_amd64"
        },
        "product_reference": "service-interconnect/skupper-config-sync-rhel9@sha256:b5f38e37a967fc4373bfca1dd7859dd8c236741e0bd1d08ffd368f5210adf9c0_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e_amd64"
        },
        "product_reference": "service-interconnect/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-operator-bundle@sha256:8dfcba321df37b69848ae80b106e00cf3ea0228a5e355ab033aa345140b14966_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:8dfcba321df37b69848ae80b106e00cf3ea0228a5e355ab033aa345140b14966_amd64"
        },
        "product_reference": "service-interconnect/skupper-operator-bundle@sha256:8dfcba321df37b69848ae80b106e00cf3ea0228a5e355ab033aa345140b14966_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64"
        },
        "product_reference": "service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d_amd64"
        },
        "product_reference": "service-interconnect/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-site-controller-rhel9@sha256:866760e5ba2402b5d21ea92898a8a1e489ef09a3ac41dcd3847b512bfff0c9bd_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:866760e5ba2402b5d21ea92898a8a1e489ef09a3ac41dcd3847b512bfff0c9bd_amd64"
        },
        "product_reference": "service-interconnect/skupper-site-controller-rhel9@sha256:866760e5ba2402b5d21ea92898a8a1e489ef09a3ac41dcd3847b512bfff0c9bd_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-6597",
      "cwe": {
        "id": "CWE-61",
        "name": "UNIX Symbolic Link (Symlink) Following"
      },
      "discovery_date": "2024-04-22T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:b5f38e37a967fc4373bfca1dd7859dd8c236741e0bd1d08ffd368f5210adf9c0_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:8dfcba321df37b69848ae80b106e00cf3ea0228a5e355ab033aa345140b14966_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:866760e5ba2402b5d21ea92898a8a1e489ef09a3ac41dcd3847b512bfff0c9bd_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2276518"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: Path traversal on tempfile.TemporaryDirectory",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64"
        ],
        "known_not_affected": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:b5f38e37a967fc4373bfca1dd7859dd8c236741e0bd1d08ffd368f5210adf9c0_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:8dfcba321df37b69848ae80b106e00cf3ea0228a5e355ab033aa345140b14966_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:866760e5ba2402b5d21ea92898a8a1e489ef09a3ac41dcd3847b512bfff0c9bd_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6597"
        },
        {
          "category": "external",
          "summary": "RHBZ#2276518",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276518"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6597",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6597"
        }
      ],
      "release_date": "2024-03-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-07-25T10:40:59+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4865"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:b5f38e37a967fc4373bfca1dd7859dd8c236741e0bd1d08ffd368f5210adf9c0_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:8dfcba321df37b69848ae80b106e00cf3ea0228a5e355ab033aa345140b14966_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:866760e5ba2402b5d21ea92898a8a1e489ef09a3ac41dcd3847b512bfff0c9bd_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "python: Path traversal on tempfile.TemporaryDirectory"
    },
    {
      "cve": "CVE-2024-0450",
      "cwe": {
        "id": "CWE-450",
        "name": "Multiple Interpretations of UI Input"
      },
      "discovery_date": "2024-04-22T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:b5f38e37a967fc4373bfca1dd7859dd8c236741e0bd1d08ffd368f5210adf9c0_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:8dfcba321df37b69848ae80b106e00cf3ea0228a5e355ab033aa345140b14966_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:866760e5ba2402b5d21ea92898a8a1e489ef09a3ac41dcd3847b512bfff0c9bd_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2276525"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Python/CPython \u0027zipfile\u0027 that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: The zipfile module is vulnerable to zip-bombs leading to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64"
        ],
        "known_not_affected": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:b5f38e37a967fc4373bfca1dd7859dd8c236741e0bd1d08ffd368f5210adf9c0_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:8dfcba321df37b69848ae80b106e00cf3ea0228a5e355ab033aa345140b14966_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:866760e5ba2402b5d21ea92898a8a1e489ef09a3ac41dcd3847b512bfff0c9bd_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-0450"
        },
        {
          "category": "external",
          "summary": "RHBZ#2276525",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276525"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-0450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-0450",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0450"
        }
      ],
      "release_date": "2024-03-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-07-25T10:40:59+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4865"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:b5f38e37a967fc4373bfca1dd7859dd8c236741e0bd1d08ffd368f5210adf9c0_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:8dfcba321df37b69848ae80b106e00cf3ea0228a5e355ab033aa345140b14966_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:866760e5ba2402b5d21ea92898a8a1e489ef09a3ac41dcd3847b512bfff0c9bd_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python: The zipfile module is vulnerable to zip-bombs leading to denial of service"
    },
    {
      "cve": "CVE-2024-6535",
      "cwe": {
        "id": "CWE-1392",
        "name": "Use of Default Credentials"
      },
      "discovery_date": "2024-07-05T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:b5f38e37a967fc4373bfca1dd7859dd8c236741e0bd1d08ffd368f5210adf9c0_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:8dfcba321df37b69848ae80b106e00cf3ea0228a5e355ab033aa345140b14966_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:866760e5ba2402b5d21ea92898a8a1e489ef09a3ac41dcd3847b512bfff0c9bd_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2296024"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "skupper: potential authentication bypass to skupper console via forged cookies",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d_amd64"
        ],
        "known_not_affected": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:b5f38e37a967fc4373bfca1dd7859dd8c236741e0bd1d08ffd368f5210adf9c0_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:8dfcba321df37b69848ae80b106e00cf3ea0228a5e355ab033aa345140b14966_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:a100f9a030f00747fcfd0f4a5db31a0c0c383a7c1c09d3bde3ab50340c21a46b_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:866760e5ba2402b5d21ea92898a8a1e489ef09a3ac41dcd3847b512bfff0c9bd_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-6535"
        },
        {
          "category": "external",
          "summary": "RHBZ#2296024",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6535"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6535",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6535"
        }
      ],
      "release_date": "2024-07-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-07-25T10:40:59+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4865"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:9c219837b8c9d91879e49c3600a617d911d6bf849fac38a4e202e0117f72a56e_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:a403092339ae2ee410200417701b4ffe69a08bd652f832949b646974d6178c3d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "skupper: potential authentication bypass to skupper console via forged cookies"
    }
  ]
}

cve-2024-6535

Vulnerability from cvelistv5

Published

2024-07-17 02:25

Modified

2024-09-18 08:58

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Skupper: potential authentication bypass to skupper console via forged cookies

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2024:4865	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:4871	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-6535	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2296024	issue-tracking, x_refsource_REDHAT

Impacted products

▼	Vendor	Product
	Red Hat	Service Interconnect 1.4 for RHEL 9
	Red Hat	Service Interconnect 1.4 for RHEL 9
	Red Hat	Service Interconnect 1 for RHEL 9
	Red Hat	Service Interconnect 1 for RHEL 9
	Red Hat	Red Hat Service Interconnect 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6535",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T15:24:58.883446Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-18T15:16:27.046Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:41:03.493Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:4865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4865"
          },
          {
            "name": "RHSA-2024:4871",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4871"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-6535"
          },
          {
            "name": "RHBZ#2296024",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-flow-collector-rhel9",
          "product": "Service Interconnect 1.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.4.7-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-service-controller-rhel9",
          "product": "Service Interconnect 1.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.4.7-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-flow-collector-rhel9",
          "product": "Service Interconnect 1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.5.5-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-service-controller-rhel9",
          "product": "Service Interconnect 1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.5.5-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1"
          ],
          "defaultStatus": "affected",
          "packageName": "skupper",
          "product": "Red Hat Service Interconnect 1",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-07-17T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T08:58:03.227Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:4865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4865"
        },
        {
          "name": "RHSA-2024:4871",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4871"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-6535"
        },
        {
          "name": "RHBZ#2296024",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-05T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-07-17T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Skupper: potential authentication bypass to skupper console via forged cookies",
      "x_redhatCweChain": "CWE-1392: Use of Default Credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-6535",
    "datePublished": "2024-07-17T02:25:25.958Z",
    "dateReserved": "2024-07-05T18:48:04.548Z",
    "dateUpdated": "2024-09-18T08:58:03.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-0450

Vulnerability from cvelistv5

Published

2024-03-19 15:12

Modified

2024-08-02 15:00

Severity ?

6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Quoted zip-bomb protection for zipfile

References

▼	URL	Tags
	https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba	patch
	https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b	patch
	https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549	patch
	https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85	patch
	https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51	patch
	https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183	patch
	https://github.com/python/cpython/issues/109858	issue-tracking
	https://www.bamsoftware.com/hacks/zipbomb/
	https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html
	https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html
	http://www.openwall.com/lists/oss-security/2024/03/20/5
	https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675	patch
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/

Impacted products

▼	Vendor	Product
	Python Software Foundation	CPython

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:04:49.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/issues/109858"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bamsoftware.com/hacks/zipbomb/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cpython",
            "vendor": "python",
            "versions": [
              {
                "lessThan": "3.8.18",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "3.9.18"
              },
              {
                "status": "affected",
                "version": "3.10.13"
              },
              {
                "status": "affected",
                "version": "3.11.7"
              },
              {
                "status": "affected",
                "version": "3.12.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0450",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-20T14:30:38.300055Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:00:26.971Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.8.19",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.9.19",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.14",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.8",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.2",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.0a3",
              "status": "affected",
              "version": "3.13.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe zipfile module is vulnerable to \u201cquoted-overlap\u201d zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe zipfile module is vulnerable to \u201cquoted-overlap\u201d zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-405",
              "description": "CWE-405",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-13T19:24:15.993Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/109858"
        },
        {
          "url": "https://www.bamsoftware.com/hacks/zipbomb/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Quoted zip-bomb protection for zipfile",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2024-0450",
    "datePublished": "2024-03-19T15:12:07.789Z",
    "dateReserved": "2024-01-11T22:16:41.964Z",
    "dateUpdated": "2024-08-02T15:00:26.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-6597

Vulnerability from cvelistv5

Published

2024-03-19 15:44

Modified

2024-11-05 19:16

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Summary

An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.

References

▼	URL	Tags
	https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d	patch
	https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5	patch
	https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25	patch
	https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82	patch
	https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b	patch
	https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a	patch
	https://github.com/python/cpython/issues/91133	issue-tracking
	https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html
	http://www.openwall.com/lists/oss-security/2024/03/20/5
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/

Impacted products

▼	Vendor	Product
	Python Software Foundation	CPython

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cpython",
            "vendor": "python_software_foundation",
            "versions": [
              {
                "lessThan": "3.8.19",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.9.19",
                "status": "affected",
                "version": "3.9.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.10.14",
                "status": "affected",
                "version": "3.10.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.11.8",
                "status": "affected",
                "version": "3.11.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.12.1",
                "status": "affected",
                "version": "3.12.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.13.0a3",
                "status": "affected",
                "version": "3.13.0a1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-05T19:08:44.665083Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T19:16:27.862Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:35:14.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/issues/91133"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.8.19",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.9.19",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.14",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.8",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.1",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.0a3",
              "status": "affected",
              "version": "3.13.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\u003cbr\u003e\u003cbr\u003eThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\u003cbr\u003e"
            }
          ],
          "value": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-13T19:24:11.289Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/91133"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2023-6597",
    "datePublished": "2024-03-19T15:44:28.989Z",
    "dateReserved": "2023-12-07T20:59:23.246Z",
    "dateUpdated": "2024-11-05T19:16:27.862Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2024_4865

Vulnerability from csaf_redhat

cve-2024-6535

Vulnerability from cvelistv5

cve-2024-0450

Vulnerability from cvelistv5

cve-2023-6597

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature