rhsa-2024_6656
Vulnerability from csaf_redhat
Published
2024-09-12 15:45
Modified
2024-11-06 06:56
Summary
Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update
Notes
Topic
Migration Toolkit for Runtimes 1.2.7 release
Red Hat Product Security has rated this update as having a security impact of Moderate.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Migration Toolkit for Runtimes 1.2.7 Images
Security Fix(es):
* org.jsoup/jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled (CVE-2022-36033)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Migration Toolkit for Runtimes 1.2.7 release\nRed Hat Product Security has rated this update as having a security impact of Moderate.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Migration Toolkit for Runtimes 1.2.7 Images\n\nSecurity Fix(es):\n\n* org.jsoup/jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled (CVE-2022-36033)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:6656",
"url": "https://access.redhat.com/errata/RHSA-2024:6656"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "WINDUPRULE-1050",
"url": "https://issues.redhat.com/browse/WINDUPRULE-1050"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6656.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-11-06T06:56:27+00:00",
"generator": {
"date": "2024-11-06T06:56:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2024:6656",
"initial_release_date": "2024-09-12T15:45:34+00:00",
"revision_history": [
{
"date": "2024-09-12T15:45:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-09-12T15:45:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-06T06:56:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Migration Toolkit for Runtimes 1 on RHEL 8",
"product": {
"name": "Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Runtimes"
},
{
"branches": [
{
"category": "product_version",
"name": "mtr/mtr-operator-bundle@sha256:190a6fa2a6a9b6b182cdf9cab18814d05c203b54ca18dc533e553fa5dcca779e_amd64",
"product": {
"name": "mtr/mtr-operator-bundle@sha256:190a6fa2a6a9b6b182cdf9cab18814d05c203b54ca18dc533e553fa5dcca779e_amd64",
"product_id": "mtr/mtr-operator-bundle@sha256:190a6fa2a6a9b6b182cdf9cab18814d05c203b54ca18dc533e553fa5dcca779e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtr-operator-bundle@sha256:190a6fa2a6a9b6b182cdf9cab18814d05c203b54ca18dc533e553fa5dcca779e?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-27"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-rhel8-operator@sha256:7d50eab932d763330b1ce37d36842598f110884c1af798e1f2f5629c5d223e52_amd64",
"product": {
"name": "mtr/mtr-rhel8-operator@sha256:7d50eab932d763330b1ce37d36842598f110884c1af798e1f2f5629c5d223e52_amd64",
"product_id": "mtr/mtr-rhel8-operator@sha256:7d50eab932d763330b1ce37d36842598f110884c1af798e1f2f5629c5d223e52_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtr-rhel8-operator@sha256:7d50eab932d763330b1ce37d36842598f110884c1af798e1f2f5629c5d223e52?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-17"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-web-container-rhel8@sha256:487d22a14ff07e7fb2c1c16e054481bbd5e59b3de9dabb871c75885f7b9e3801_amd64",
"product": {
"name": "mtr/mtr-web-container-rhel8@sha256:487d22a14ff07e7fb2c1c16e054481bbd5e59b3de9dabb871c75885f7b9e3801_amd64",
"product_id": "mtr/mtr-web-container-rhel8@sha256:487d22a14ff07e7fb2c1c16e054481bbd5e59b3de9dabb871c75885f7b9e3801_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtr-web-container-rhel8@sha256:487d22a14ff07e7fb2c1c16e054481bbd5e59b3de9dabb871c75885f7b9e3801?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-web-executor-container-rhel8@sha256:df22ed74f2ef56af2192da45fa02e1e4ab76e2106b4b42740a1160df06b9d259_amd64",
"product": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:df22ed74f2ef56af2192da45fa02e1e4ab76e2106b4b42740a1160df06b9d259_amd64",
"product_id": "mtr/mtr-web-executor-container-rhel8@sha256:df22ed74f2ef56af2192da45fa02e1e4ab76e2106b4b42740a1160df06b9d259_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:df22ed74f2ef56af2192da45fa02e1e4ab76e2106b4b42740a1160df06b9d259?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=latest"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "mtr/mtr-operator-bundle@sha256:75ebbef1804fbcb83ee23b2e65ea2a70612ecc6d4db5185274944c9651cedbfd_arm64",
"product": {
"name": "mtr/mtr-operator-bundle@sha256:75ebbef1804fbcb83ee23b2e65ea2a70612ecc6d4db5185274944c9651cedbfd_arm64",
"product_id": "mtr/mtr-operator-bundle@sha256:75ebbef1804fbcb83ee23b2e65ea2a70612ecc6d4db5185274944c9651cedbfd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mtr-operator-bundle@sha256:75ebbef1804fbcb83ee23b2e65ea2a70612ecc6d4db5185274944c9651cedbfd?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-27"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-rhel8-operator@sha256:1ea56096b9b1101e226f1f9bf08a04f7c9a34e926004ad385db47c0ea6de1e73_arm64",
"product": {
"name": "mtr/mtr-rhel8-operator@sha256:1ea56096b9b1101e226f1f9bf08a04f7c9a34e926004ad385db47c0ea6de1e73_arm64",
"product_id": "mtr/mtr-rhel8-operator@sha256:1ea56096b9b1101e226f1f9bf08a04f7c9a34e926004ad385db47c0ea6de1e73_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mtr-rhel8-operator@sha256:1ea56096b9b1101e226f1f9bf08a04f7c9a34e926004ad385db47c0ea6de1e73?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-17"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-web-executor-container-rhel8@sha256:607c54e52652334be36ef3b10745df01c42dc9f95787ca3e9e472a10d3982cf3_arm64",
"product": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:607c54e52652334be36ef3b10745df01c42dc9f95787ca3e9e472a10d3982cf3_arm64",
"product_id": "mtr/mtr-web-executor-container-rhel8@sha256:607c54e52652334be36ef3b10745df01c42dc9f95787ca3e9e472a10d3982cf3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:607c54e52652334be36ef3b10745df01c42dc9f95787ca3e9e472a10d3982cf3?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=latest"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "mtr/mtr-operator-bundle@sha256:d21a3b40cd89103a1d280ea8d91f17b55d0ab31c340510989c296d9d6b207a63_ppc64le",
"product": {
"name": "mtr/mtr-operator-bundle@sha256:d21a3b40cd89103a1d280ea8d91f17b55d0ab31c340510989c296d9d6b207a63_ppc64le",
"product_id": "mtr/mtr-operator-bundle@sha256:d21a3b40cd89103a1d280ea8d91f17b55d0ab31c340510989c296d9d6b207a63_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mtr-operator-bundle@sha256:d21a3b40cd89103a1d280ea8d91f17b55d0ab31c340510989c296d9d6b207a63?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-27"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-rhel8-operator@sha256:6d9f1cd11c62b093d0998ada19d570d2dc2aa81548e6bacb9b1a141d58d53c0c_ppc64le",
"product": {
"name": "mtr/mtr-rhel8-operator@sha256:6d9f1cd11c62b093d0998ada19d570d2dc2aa81548e6bacb9b1a141d58d53c0c_ppc64le",
"product_id": "mtr/mtr-rhel8-operator@sha256:6d9f1cd11c62b093d0998ada19d570d2dc2aa81548e6bacb9b1a141d58d53c0c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mtr-rhel8-operator@sha256:6d9f1cd11c62b093d0998ada19d570d2dc2aa81548e6bacb9b1a141d58d53c0c?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-17"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-web-container-rhel8@sha256:0a0662d4d8215057624af15121f03206d13665df318ca1075a5fe605b49d8ead_ppc64le",
"product": {
"name": "mtr/mtr-web-container-rhel8@sha256:0a0662d4d8215057624af15121f03206d13665df318ca1075a5fe605b49d8ead_ppc64le",
"product_id": "mtr/mtr-web-container-rhel8@sha256:0a0662d4d8215057624af15121f03206d13665df318ca1075a5fe605b49d8ead_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mtr-web-container-rhel8@sha256:0a0662d4d8215057624af15121f03206d13665df318ca1075a5fe605b49d8ead?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-web-executor-container-rhel8@sha256:61cc20767de585645674ba9754872e2a8195a17d2a2406c2465621fcf9750bda_ppc64le",
"product": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:61cc20767de585645674ba9754872e2a8195a17d2a2406c2465621fcf9750bda_ppc64le",
"product_id": "mtr/mtr-web-executor-container-rhel8@sha256:61cc20767de585645674ba9754872e2a8195a17d2a2406c2465621fcf9750bda_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:61cc20767de585645674ba9754872e2a8195a17d2a2406c2465621fcf9750bda?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=latest"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "mtr/mtr-operator-bundle@sha256:d3049bd81b789e1e6139f65482f2a561e2f3951ff23a2053fe3aea1c920171c1_s390x",
"product": {
"name": "mtr/mtr-operator-bundle@sha256:d3049bd81b789e1e6139f65482f2a561e2f3951ff23a2053fe3aea1c920171c1_s390x",
"product_id": "mtr/mtr-operator-bundle@sha256:d3049bd81b789e1e6139f65482f2a561e2f3951ff23a2053fe3aea1c920171c1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mtr-operator-bundle@sha256:d3049bd81b789e1e6139f65482f2a561e2f3951ff23a2053fe3aea1c920171c1?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-27"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-rhel8-operator@sha256:dffa2b0c8da17f275ddbb7c93d298fa863e223c9135838b5cf305ae09a1b99c1_s390x",
"product": {
"name": "mtr/mtr-rhel8-operator@sha256:dffa2b0c8da17f275ddbb7c93d298fa863e223c9135838b5cf305ae09a1b99c1_s390x",
"product_id": "mtr/mtr-rhel8-operator@sha256:dffa2b0c8da17f275ddbb7c93d298fa863e223c9135838b5cf305ae09a1b99c1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mtr-rhel8-operator@sha256:dffa2b0c8da17f275ddbb7c93d298fa863e223c9135838b5cf305ae09a1b99c1?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-17"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-web-container-rhel8@sha256:0fba106644240713f8ebbad92089b4e63a8030ecb4671ab12cd21cdd47d10459_s390x",
"product": {
"name": "mtr/mtr-web-container-rhel8@sha256:0fba106644240713f8ebbad92089b4e63a8030ecb4671ab12cd21cdd47d10459_s390x",
"product_id": "mtr/mtr-web-container-rhel8@sha256:0fba106644240713f8ebbad92089b4e63a8030ecb4671ab12cd21cdd47d10459_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mtr-web-container-rhel8@sha256:0fba106644240713f8ebbad92089b4e63a8030ecb4671ab12cd21cdd47d10459?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-web-executor-container-rhel8@sha256:a7e78424a9f361181f5d07f17ace0659be0d2f1156cf3457836a94a116e75839_s390x",
"product": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:a7e78424a9f361181f5d07f17ace0659be0d2f1156cf3457836a94a116e75839_s390x",
"product_id": "mtr/mtr-web-executor-container-rhel8@sha256:a7e78424a9f361181f5d07f17ace0659be0d2f1156cf3457836a94a116e75839_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:a7e78424a9f361181f5d07f17ace0659be0d2f1156cf3457836a94a116e75839?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=latest"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-operator-bundle@sha256:190a6fa2a6a9b6b182cdf9cab18814d05c203b54ca18dc533e553fa5dcca779e_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:190a6fa2a6a9b6b182cdf9cab18814d05c203b54ca18dc533e553fa5dcca779e_amd64"
},
"product_reference": "mtr/mtr-operator-bundle@sha256:190a6fa2a6a9b6b182cdf9cab18814d05c203b54ca18dc533e553fa5dcca779e_amd64",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-operator-bundle@sha256:75ebbef1804fbcb83ee23b2e65ea2a70612ecc6d4db5185274944c9651cedbfd_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:75ebbef1804fbcb83ee23b2e65ea2a70612ecc6d4db5185274944c9651cedbfd_arm64"
},
"product_reference": "mtr/mtr-operator-bundle@sha256:75ebbef1804fbcb83ee23b2e65ea2a70612ecc6d4db5185274944c9651cedbfd_arm64",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-operator-bundle@sha256:d21a3b40cd89103a1d280ea8d91f17b55d0ab31c340510989c296d9d6b207a63_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d21a3b40cd89103a1d280ea8d91f17b55d0ab31c340510989c296d9d6b207a63_ppc64le"
},
"product_reference": "mtr/mtr-operator-bundle@sha256:d21a3b40cd89103a1d280ea8d91f17b55d0ab31c340510989c296d9d6b207a63_ppc64le",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-operator-bundle@sha256:d3049bd81b789e1e6139f65482f2a561e2f3951ff23a2053fe3aea1c920171c1_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d3049bd81b789e1e6139f65482f2a561e2f3951ff23a2053fe3aea1c920171c1_s390x"
},
"product_reference": "mtr/mtr-operator-bundle@sha256:d3049bd81b789e1e6139f65482f2a561e2f3951ff23a2053fe3aea1c920171c1_s390x",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-rhel8-operator@sha256:1ea56096b9b1101e226f1f9bf08a04f7c9a34e926004ad385db47c0ea6de1e73_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:1ea56096b9b1101e226f1f9bf08a04f7c9a34e926004ad385db47c0ea6de1e73_arm64"
},
"product_reference": "mtr/mtr-rhel8-operator@sha256:1ea56096b9b1101e226f1f9bf08a04f7c9a34e926004ad385db47c0ea6de1e73_arm64",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-rhel8-operator@sha256:6d9f1cd11c62b093d0998ada19d570d2dc2aa81548e6bacb9b1a141d58d53c0c_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:6d9f1cd11c62b093d0998ada19d570d2dc2aa81548e6bacb9b1a141d58d53c0c_ppc64le"
},
"product_reference": "mtr/mtr-rhel8-operator@sha256:6d9f1cd11c62b093d0998ada19d570d2dc2aa81548e6bacb9b1a141d58d53c0c_ppc64le",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-rhel8-operator@sha256:7d50eab932d763330b1ce37d36842598f110884c1af798e1f2f5629c5d223e52_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7d50eab932d763330b1ce37d36842598f110884c1af798e1f2f5629c5d223e52_amd64"
},
"product_reference": "mtr/mtr-rhel8-operator@sha256:7d50eab932d763330b1ce37d36842598f110884c1af798e1f2f5629c5d223e52_amd64",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-rhel8-operator@sha256:dffa2b0c8da17f275ddbb7c93d298fa863e223c9135838b5cf305ae09a1b99c1_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:dffa2b0c8da17f275ddbb7c93d298fa863e223c9135838b5cf305ae09a1b99c1_s390x"
},
"product_reference": "mtr/mtr-rhel8-operator@sha256:dffa2b0c8da17f275ddbb7c93d298fa863e223c9135838b5cf305ae09a1b99c1_s390x",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-web-container-rhel8@sha256:0a0662d4d8215057624af15121f03206d13665df318ca1075a5fe605b49d8ead_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:0a0662d4d8215057624af15121f03206d13665df318ca1075a5fe605b49d8ead_ppc64le"
},
"product_reference": "mtr/mtr-web-container-rhel8@sha256:0a0662d4d8215057624af15121f03206d13665df318ca1075a5fe605b49d8ead_ppc64le",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-web-container-rhel8@sha256:0fba106644240713f8ebbad92089b4e63a8030ecb4671ab12cd21cdd47d10459_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:0fba106644240713f8ebbad92089b4e63a8030ecb4671ab12cd21cdd47d10459_s390x"
},
"product_reference": "mtr/mtr-web-container-rhel8@sha256:0fba106644240713f8ebbad92089b4e63a8030ecb4671ab12cd21cdd47d10459_s390x",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-web-container-rhel8@sha256:487d22a14ff07e7fb2c1c16e054481bbd5e59b3de9dabb871c75885f7b9e3801_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:487d22a14ff07e7fb2c1c16e054481bbd5e59b3de9dabb871c75885f7b9e3801_amd64"
},
"product_reference": "mtr/mtr-web-container-rhel8@sha256:487d22a14ff07e7fb2c1c16e054481bbd5e59b3de9dabb871c75885f7b9e3801_amd64",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:607c54e52652334be36ef3b10745df01c42dc9f95787ca3e9e472a10d3982cf3_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:607c54e52652334be36ef3b10745df01c42dc9f95787ca3e9e472a10d3982cf3_arm64"
},
"product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:607c54e52652334be36ef3b10745df01c42dc9f95787ca3e9e472a10d3982cf3_arm64",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:61cc20767de585645674ba9754872e2a8195a17d2a2406c2465621fcf9750bda_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:61cc20767de585645674ba9754872e2a8195a17d2a2406c2465621fcf9750bda_ppc64le"
},
"product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:61cc20767de585645674ba9754872e2a8195a17d2a2406c2465621fcf9750bda_ppc64le",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:a7e78424a9f361181f5d07f17ace0659be0d2f1156cf3457836a94a116e75839_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a7e78424a9f361181f5d07f17ace0659be0d2f1156cf3457836a94a116e75839_s390x"
},
"product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:a7e78424a9f361181f5d07f17ace0659be0d2f1156cf3457836a94a116e75839_s390x",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:df22ed74f2ef56af2192da45fa02e1e4ab76e2106b4b42740a1160df06b9d259_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:df22ed74f2ef56af2192da45fa02e1e4ab76e2106b4b42740a1160df06b9d259_amd64"
},
"product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:df22ed74f2ef56af2192da45fa02e1e4ab76e2106b4b42740a1160df06b9d259_amd64",
"relates_to_product_reference": "8Base-MTR-1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-36033",
"cwe": {
"id": "CWE-87",
"name": "Improper Neutralization of Alternate XSS Syntax"
},
"discovery_date": "2022-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2127078"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsoup, a Java HTML parser built for HTML editing, cleaning, scraping, and Cross-site scripting (XSS) safety. An issue in jsoup may incorrectly sanitize HTML, including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML, including `javascript:` URLs crafted with control characters, will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:190a6fa2a6a9b6b182cdf9cab18814d05c203b54ca18dc533e553fa5dcca779e_amd64",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:75ebbef1804fbcb83ee23b2e65ea2a70612ecc6d4db5185274944c9651cedbfd_arm64",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d21a3b40cd89103a1d280ea8d91f17b55d0ab31c340510989c296d9d6b207a63_ppc64le",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d3049bd81b789e1e6139f65482f2a561e2f3951ff23a2053fe3aea1c920171c1_s390x",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:1ea56096b9b1101e226f1f9bf08a04f7c9a34e926004ad385db47c0ea6de1e73_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:6d9f1cd11c62b093d0998ada19d570d2dc2aa81548e6bacb9b1a141d58d53c0c_ppc64le",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7d50eab932d763330b1ce37d36842598f110884c1af798e1f2f5629c5d223e52_amd64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:dffa2b0c8da17f275ddbb7c93d298fa863e223c9135838b5cf305ae09a1b99c1_s390x",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:0a0662d4d8215057624af15121f03206d13665df318ca1075a5fe605b49d8ead_ppc64le",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:0fba106644240713f8ebbad92089b4e63a8030ecb4671ab12cd21cdd47d10459_s390x",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:487d22a14ff07e7fb2c1c16e054481bbd5e59b3de9dabb871c75885f7b9e3801_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:607c54e52652334be36ef3b10745df01c42dc9f95787ca3e9e472a10d3982cf3_arm64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:61cc20767de585645674ba9754872e2a8195a17d2a2406c2465621fcf9750bda_ppc64le",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a7e78424a9f361181f5d07f17ace0659be0d2f1156cf3457836a94a116e75839_s390x",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:df22ed74f2ef56af2192da45fa02e1e4ab76e2106b4b42740a1160df06b9d259_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-36033"
},
{
"category": "external",
"summary": "RHBZ#2127078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127078"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-36033",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-36033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36033"
}
],
"release_date": "2022-08-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T15:45:34+00:00",
"details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.",
"product_ids": [
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:190a6fa2a6a9b6b182cdf9cab18814d05c203b54ca18dc533e553fa5dcca779e_amd64",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:75ebbef1804fbcb83ee23b2e65ea2a70612ecc6d4db5185274944c9651cedbfd_arm64",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d21a3b40cd89103a1d280ea8d91f17b55d0ab31c340510989c296d9d6b207a63_ppc64le",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d3049bd81b789e1e6139f65482f2a561e2f3951ff23a2053fe3aea1c920171c1_s390x",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:1ea56096b9b1101e226f1f9bf08a04f7c9a34e926004ad385db47c0ea6de1e73_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:6d9f1cd11c62b093d0998ada19d570d2dc2aa81548e6bacb9b1a141d58d53c0c_ppc64le",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7d50eab932d763330b1ce37d36842598f110884c1af798e1f2f5629c5d223e52_amd64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:dffa2b0c8da17f275ddbb7c93d298fa863e223c9135838b5cf305ae09a1b99c1_s390x",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:0a0662d4d8215057624af15121f03206d13665df318ca1075a5fe605b49d8ead_ppc64le",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:0fba106644240713f8ebbad92089b4e63a8030ecb4671ab12cd21cdd47d10459_s390x",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:487d22a14ff07e7fb2c1c16e054481bbd5e59b3de9dabb871c75885f7b9e3801_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:607c54e52652334be36ef3b10745df01c42dc9f95787ca3e9e472a10d3982cf3_arm64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:61cc20767de585645674ba9754872e2a8195a17d2a2406c2465621fcf9750bda_ppc64le",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a7e78424a9f361181f5d07f17ace0659be0d2f1156cf3457836a94a116e75839_s390x",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:df22ed74f2ef56af2192da45fa02e1e4ab76e2106b4b42740a1160df06b9d259_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:190a6fa2a6a9b6b182cdf9cab18814d05c203b54ca18dc533e553fa5dcca779e_amd64",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:75ebbef1804fbcb83ee23b2e65ea2a70612ecc6d4db5185274944c9651cedbfd_arm64",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d21a3b40cd89103a1d280ea8d91f17b55d0ab31c340510989c296d9d6b207a63_ppc64le",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d3049bd81b789e1e6139f65482f2a561e2f3951ff23a2053fe3aea1c920171c1_s390x",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:1ea56096b9b1101e226f1f9bf08a04f7c9a34e926004ad385db47c0ea6de1e73_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:6d9f1cd11c62b093d0998ada19d570d2dc2aa81548e6bacb9b1a141d58d53c0c_ppc64le",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7d50eab932d763330b1ce37d36842598f110884c1af798e1f2f5629c5d223e52_amd64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:dffa2b0c8da17f275ddbb7c93d298fa863e223c9135838b5cf305ae09a1b99c1_s390x",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:0a0662d4d8215057624af15121f03206d13665df318ca1075a5fe605b49d8ead_ppc64le",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:0fba106644240713f8ebbad92089b4e63a8030ecb4671ab12cd21cdd47d10459_s390x",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:487d22a14ff07e7fb2c1c16e054481bbd5e59b3de9dabb871c75885f7b9e3801_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:607c54e52652334be36ef3b10745df01c42dc9f95787ca3e9e472a10d3982cf3_arm64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:61cc20767de585645674ba9754872e2a8195a17d2a2406c2465621fcf9750bda_ppc64le",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a7e78424a9f361181f5d07f17ace0659be0d2f1156cf3457836a94a116e75839_s390x",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:df22ed74f2ef56af2192da45fa02e1e4ab76e2106b4b42740a1160df06b9d259_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled"
}
]
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.