rhsa-2024_9485
Vulnerability from csaf_redhat
Published
2024-11-13 13:14
Modified
2024-12-17 22:52
Summary
Red Hat Security Advisory: Control plane Operators for RHOSO 18.0.3 (Feature Release 1) security update
Notes
Topic
Control plane Operators for RHOSO 18.0.3 (Feature Release 1).
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Security fix(es):
* Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. (CVE-2024-34156)
* When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. (CVE-2023-45289)
* When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permitted a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. (CVE-2023-45290)
* Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates. (CVE-2024-24783)
* The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. (CVE-2024-24784)
* If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the
html/template package, allowing for subsequent actions to inject unexpected content into templates. (CVE-2024-24785)
* A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. (CVE-2024-24788)
* Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. (CVE-2024-34155)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Control plane Operators for RHOSO 18.0.3 (Feature Release 1).\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Security fix(es):\n\n* Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. (CVE-2024-34156)\n\n* When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. (CVE-2023-45289)\n\n* When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permitted a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. (CVE-2023-45290)\n\n* Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates. (CVE-2024-24783)\n\n* The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. (CVE-2024-24784)\n\n* If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the\nhtml/template package, allowing for subsequent actions to inject unexpected content into templates. (CVE-2024-24785)\n\n* A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. (CVE-2024-24788)\n\n* Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. (CVE-2024-34155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:9485", "url": "https://access.redhat.com/errata/RHSA-2024:9485" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2268017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017" }, { "category": "external", "summary": "2268018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018" }, { "category": "external", "summary": "2268019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019" }, { "category": "external", "summary": "2268021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021" }, { "category": "external", "summary": "2268022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022" }, { "category": "external", "summary": "2279814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814" }, { "category": "external", "summary": "2310527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527" }, { "category": "external", "summary": "2310528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528" }, { "category": "external", "summary": "OSPRH-10035", "url": "https://issues.redhat.com/browse/OSPRH-10035" }, { "category": "external", "summary": "OSPRH-10040", "url": "https://issues.redhat.com/browse/OSPRH-10040" }, { "category": "external", "summary": "OSPRH-10090", "url": "https://issues.redhat.com/browse/OSPRH-10090" }, { "category": "external", "summary": "OSPRH-10141", "url": "https://issues.redhat.com/browse/OSPRH-10141" }, { "category": "external", "summary": "OSPRH-10195", "url": "https://issues.redhat.com/browse/OSPRH-10195" }, { "category": "external", "summary": "OSPRH-10282", "url": "https://issues.redhat.com/browse/OSPRH-10282" }, { "category": "external", "summary": "OSPRH-10288", "url": "https://issues.redhat.com/browse/OSPRH-10288" }, { "category": "external", "summary": "OSPRH-10411", "url": "https://issues.redhat.com/browse/OSPRH-10411" }, { "category": "external", "summary": "OSPRH-105", "url": "https://issues.redhat.com/browse/OSPRH-105" }, { "category": "external", "summary": "OSPRH-10612", "url": "https://issues.redhat.com/browse/OSPRH-10612" }, { "category": "external", "summary": "OSPRH-10639", "url": "https://issues.redhat.com/browse/OSPRH-10639" }, { "category": "external", "summary": "OSPRH-10725", "url": "https://issues.redhat.com/browse/OSPRH-10725" }, { "category": "external", "summary": "OSPRH-1099", "url": "https://issues.redhat.com/browse/OSPRH-1099" }, { "category": "external", "summary": "OSPRH-11068", "url": "https://issues.redhat.com/browse/OSPRH-11068" }, { "category": "external", "summary": "OSPRH-1478", "url": "https://issues.redhat.com/browse/OSPRH-1478" }, { "category": "external", "summary": "OSPRH-2428", "url": "https://issues.redhat.com/browse/OSPRH-2428" }, { "category": "external", "summary": "OSPRH-3466", "url": "https://issues.redhat.com/browse/OSPRH-3466" }, { "category": "external", "summary": "OSPRH-3467", "url": "https://issues.redhat.com/browse/OSPRH-3467" }, { "category": "external", "summary": "OSPRH-4128", "url": "https://issues.redhat.com/browse/OSPRH-4128" }, { "category": "external", "summary": "OSPRH-6501", "url": "https://issues.redhat.com/browse/OSPRH-6501" }, { "category": "external", "summary": "OSPRH-6624", "url": "https://issues.redhat.com/browse/OSPRH-6624" }, { "category": "external", "summary": "OSPRH-6720", "url": "https://issues.redhat.com/browse/OSPRH-6720" }, { "category": "external", "summary": "OSPRH-6951", "url": "https://issues.redhat.com/browse/OSPRH-6951" }, { "category": "external", "summary": "OSPRH-7324", "url": "https://issues.redhat.com/browse/OSPRH-7324" }, { "category": "external", "summary": "OSPRH-7610", "url": "https://issues.redhat.com/browse/OSPRH-7610" }, { "category": "external", "summary": "OSPRH-7817", "url": "https://issues.redhat.com/browse/OSPRH-7817" }, { "category": "external", "summary": "OSPRH-7821", "url": "https://issues.redhat.com/browse/OSPRH-7821" }, { "category": "external", "summary": "OSPRH-8038", "url": "https://issues.redhat.com/browse/OSPRH-8038" }, { "category": "external", "summary": "OSPRH-8058", "url": "https://issues.redhat.com/browse/OSPRH-8058" }, { "category": "external", "summary": "OSPRH-8065", "url": "https://issues.redhat.com/browse/OSPRH-8065" }, { "category": "external", "summary": "OSPRH-8069", "url": "https://issues.redhat.com/browse/OSPRH-8069" }, { "category": "external", "summary": "OSPRH-8072", "url": "https://issues.redhat.com/browse/OSPRH-8072" }, { "category": "external", "summary": "OSPRH-8074", "url": "https://issues.redhat.com/browse/OSPRH-8074" }, { "category": "external", "summary": "OSPRH-8078", "url": "https://issues.redhat.com/browse/OSPRH-8078" }, { "category": "external", "summary": "OSPRH-8118", "url": "https://issues.redhat.com/browse/OSPRH-8118" }, { "category": "external", "summary": "OSPRH-8192", "url": "https://issues.redhat.com/browse/OSPRH-8192" }, { "category": "external", "summary": "OSPRH-8193", "url": "https://issues.redhat.com/browse/OSPRH-8193" }, { "category": "external", "summary": "OSPRH-8195", "url": "https://issues.redhat.com/browse/OSPRH-8195" }, { "category": "external", "summary": "OSPRH-8212", "url": "https://issues.redhat.com/browse/OSPRH-8212" }, { "category": "external", "summary": "OSPRH-8290", "url": "https://issues.redhat.com/browse/OSPRH-8290" }, { "category": "external", "summary": "OSPRH-8508", "url": "https://issues.redhat.com/browse/OSPRH-8508" }, { "category": "external", "summary": "OSPRH-8535", "url": "https://issues.redhat.com/browse/OSPRH-8535" }, { "category": "external", "summary": "OSPRH-8582", "url": "https://issues.redhat.com/browse/OSPRH-8582" }, { "category": "external", "summary": "OSPRH-9285", "url": "https://issues.redhat.com/browse/OSPRH-9285" }, { "category": "external", "summary": "OSPRH-9371", "url": "https://issues.redhat.com/browse/OSPRH-9371" }, { "category": "external", "summary": "OSPRH-9411", "url": "https://issues.redhat.com/browse/OSPRH-9411" }, { "category": "external", "summary": "OSPRH-9455", "url": "https://issues.redhat.com/browse/OSPRH-9455" }, { "category": "external", "summary": "OSPRH-9908", "url": "https://issues.redhat.com/browse/OSPRH-9908" }, { "category": "external", "summary": "OSPRH-9910", "url": "https://issues.redhat.com/browse/OSPRH-9910" }, { "category": "external", "summary": "OSPRH-9991", "url": "https://issues.redhat.com/browse/OSPRH-9991" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9485.json" } ], "title": "Red Hat Security Advisory: Control plane Operators for RHOSO 18.0.3 (Feature Release 1) security update", "tracking": { "current_release_date": "2024-12-17T22:52:33+00:00", "generator": { "date": "2024-12-17T22:52:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:9485", "initial_release_date": "2024-11-13T13:14:57+00:00", "revision_history": [ { "date": "2024-11-13T13:14:57+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-11-13T13:14:57+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T22:52:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "9Base-RHOSO-1.0-PODIFIED", "product": { "name": "9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9" } } } ], "category": "product_family", "name": "Red Hat OpenStack Services on OpenShift" }, { "branches": [ { "category": "product_version", "name": "rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "product": { "name": "rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "product_id": "rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "product_identification_helper": { "purl": "pkg:oci/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/barbican-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "product": { "name": "rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "product_id": "rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "product_identification_helper": { "purl": "pkg:oci/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/cinder-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "product": { "name": "rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "product_id": "rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "product_identification_helper": { "purl": "pkg:oci/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/designate-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "product": { "name": "rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "product_id": "rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "product_identification_helper": { "purl": "pkg:oci/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/glance-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "product": { "name": "rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "product_id": "rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "product_identification_helper": { "purl": "pkg:oci/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/heat-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "product": { "name": "rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "product_id": "rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "product_identification_helper": { "purl": "pkg:oci/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/horizon-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "product": { "name": "rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "product_id": "rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "product_identification_helper": { "purl": "pkg:oci/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/infra-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "product": { "name": "rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "product_id": "rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "product_identification_helper": { "purl": "pkg:oci/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/ironic-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "product": { "name": "rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "product_id": "rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "product_identification_helper": { "purl": "pkg:oci/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/keystone-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "product": { "name": "rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "product_id": "rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "product_identification_helper": { "purl": "pkg:oci/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/manila-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "product": { "name": "rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "product_id": "rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "product_identification_helper": { "purl": "pkg:oci/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/mariadb-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "product": { "name": "rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "product_id": "rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "product_identification_helper": { "purl": "pkg:oci/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/neutron-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "product": { "name": "rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "product_id": "rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "product_identification_helper": { "purl": "pkg:oci/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/nova-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "product": { "name": "rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "product_id": "rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "product_identification_helper": { "purl": "pkg:oci/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/octavia-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "product": { "name": "rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "product_id": "rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "product_identification_helper": { "purl": "pkg:oci/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/openstack-baremetal-agent-rhel9\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "product": { "name": "rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "product_id": "rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "product_identification_helper": { "purl": "pkg:oci/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/openstack-baremetal-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "product": { "name": "rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "product_id": "rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "product_identification_helper": { "purl": "pkg:oci/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/openstack-must-gather-rhel9\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "product": { "name": "rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "product_id": "rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "product_identification_helper": { "purl": "pkg:oci/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/openstack-rhel9-operator\u0026tag=1.0.4-6" } } }, { "category": "product_version", "name": "rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "product": { "name": "rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "product_id": "rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "product_identification_helper": { "purl": "pkg:oci/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/ovn-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "product": { "name": "rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "product_id": "rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "product_identification_helper": { "purl": "pkg:oci/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/placement-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "product": { "name": "rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "product_id": "rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "product_identification_helper": { "purl": "pkg:oci/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/rabbitmq-cluster-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "product": { "name": "rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "product_id": "rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "product_identification_helper": { "purl": "pkg:oci/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/sg-core-rhel9\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "product": { "name": "rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "product_id": "rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "product_identification_helper": { "purl": "pkg:oci/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/swift-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "product": { "name": "rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "product_id": "rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "product_identification_helper": { "purl": "pkg:oci/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/telemetry-rhel9-operator\u0026tag=1.0.4-4" } } }, { "category": "product_version", "name": "rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64", "product": { "name": "rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64", "product_id": "rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64", "product_identification_helper": { "purl": "pkg:oci/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98?arch=amd64\u0026repository_url=registry.redhat.io/rhoso-operators/test-rhel9-operator\u0026tag=1.0.4-4" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64" }, "product_reference": "rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64" }, "product_reference": "rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64" }, "product_reference": "rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64" }, "product_reference": "rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64" }, "product_reference": "rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64" }, "product_reference": "rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64" }, "product_reference": "rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64" }, "product_reference": "rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64" }, "product_reference": "rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64" }, "product_reference": "rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64" }, "product_reference": "rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64" }, "product_reference": "rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64" }, "product_reference": "rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64" }, "product_reference": "rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64" }, "product_reference": "rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64" }, "product_reference": "rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64" }, "product_reference": "rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64" }, "product_reference": "rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64" }, "product_reference": "rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64" }, "product_reference": "rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64" }, "product_reference": "rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64" }, "product_reference": "rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64" }, "product_reference": "rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64" }, "product_reference": "rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" }, { "category": "default_component_of", "full_product_name": { "name": "rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED", "product_id": "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" }, "product_reference": "rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64", "relates_to_product_reference": "9Base-RHOSO-1.0-PODIFIED" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-45289", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268018" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-45289" }, { "category": "external", "summary": "RHBZ#2268018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45289" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-13T13:14:57+00:00", "details": "RHOSO OpenStack Podified Control Plane Operators", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:9485" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect" }, { "cve": "CVE-2023-45290", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268017" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-45290" }, { "category": "external", "summary": "RHBZ#2268017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45290" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4", "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" }, { "category": "external", "summary": "https://go.dev/cl/569341", "url": "https://go.dev/cl/569341" }, { "category": "external", "summary": "https://go.dev/issue/65383", "url": "https://go.dev/issue/65383" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2599", "url": "https://pkg.go.dev/vuln/GO-2024-2599" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240329-0004", "url": "https://security.netapp.com/advisory/ntap-20240329-0004" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-13T13:14:57+00:00", "details": "RHOSO OpenStack Podified Control Plane Operators", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:9485" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm" }, { "cve": "CVE-2024-24783", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268019" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24783" }, { "category": "external", "summary": "RHBZ#2268019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24783" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4", "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", "url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp" }, { "category": "external", "summary": "https://go.dev/cl/569339", "url": "https://go.dev/cl/569339" }, { "category": "external", "summary": "https://go.dev/issue/65390", "url": "https://go.dev/issue/65390" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2598", "url": "https://pkg.go.dev/vuln/GO-2024-2598" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240329-0005", "url": "https://security.netapp.com/advisory/ntap-20240329-0005" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-13T13:14:57+00:00", "details": "RHOSO OpenStack Podified Control Plane Operators", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:9485" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm" }, { "cve": "CVE-2024-24784", "cwe": { "id": "CWE-115", "name": "Misinterpretation of Input" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268021" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go\u0027s net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/mail: comments in display names are incorrectly handled", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24784" }, { "category": "external", "summary": "RHBZ#2268021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24784", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24784" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-13T13:14:57+00:00", "details": "RHOSO OpenStack Podified Control Plane Operators", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:9485" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/mail: comments in display names are incorrectly handled" }, { "cve": "CVE-2024-24785", "cwe": { "id": "CWE-74", "name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go\u0027s html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24785" }, { "category": "external", "summary": "RHBZ#2268022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785" }, { "category": "external", "summary": "https://go.dev/cl/564196", "url": "https://go.dev/cl/564196" }, { "category": "external", "summary": "https://go.dev/issue/65697", "url": "https://go.dev/issue/65697" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2024-2610.json", "url": "https://vuln.go.dev/ID/GO-2024-2610.json" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-13T13:14:57+00:00", "details": "RHOSO OpenStack Podified Control Plane Operators", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:9485" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping" }, { "cve": "CVE-2024-24788", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-05-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2279814" } ], "notes": [ { "category": "description", "text": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: malformed DNS message can cause infinite loop", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24788" }, { "category": "external", "summary": "RHBZ#2279814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24788", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2824", "url": "https://pkg.go.dev/vuln/GO-2024-2824" } ], "release_date": "2024-05-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-13T13:14:57+00:00", "details": "RHOSO OpenStack Podified Control Plane Operators", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:9485" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: malformed DNS message can cause infinite loop" }, { "cve": "CVE-2024-34155", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2024-09-06T21:20:06.929766+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310527" } ], "notes": [ { "category": "description", "text": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "title": "Vulnerability description" }, { "category": "summary", "text": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34155" }, { "category": "external", "summary": "RHBZ#2310527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34155", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155" }, { "category": "external", "summary": "https://go.dev/cl/611238", "url": "https://go.dev/cl/611238" }, { "category": "external", "summary": "https://go.dev/issue/69138", "url": "https://go.dev/issue/69138" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-3105", "url": "https://pkg.go.dev/vuln/GO-2024-3105" } ], "release_date": "2024-09-06T21:15:11.947000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-13T13:14:57+00:00", "details": "RHOSO OpenStack Podified Control Plane Operators", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:9485" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion" }, { "cve": "CVE-2024-34156", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2024-09-06T21:20:09.377905+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310528" } ], "notes": [ { "category": "description", "text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "title": "Vulnerability description" }, { "category": "summary", "text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34156" }, { "category": "external", "summary": "RHBZ#2310528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156" }, { "category": "external", "summary": "https://go.dev/cl/611239", "url": "https://go.dev/cl/611239" }, { "category": "external", "summary": "https://go.dev/issue/69139", "url": "https://go.dev/issue/69139" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-3106", "url": "https://pkg.go.dev/vuln/GO-2024-3106" } ], "release_date": "2024-09-06T21:15:12.020000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-13T13:14:57+00:00", "details": "RHOSO OpenStack Podified Control Plane Operators", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:9485" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/barbican-rhel9-operator@sha256:9d4c302bf3ef3861b54fc401d1742e91b089e9172c28fcf7d450dac4c50f03ea_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/mariadb-rhel9-operator@sha256:98bcc0d3c4b05d160a615165426c13bb2318597fa126c2fe9a38688d81fd4ea1_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/neutron-rhel9-operator@sha256:850c2f1377fa0a5a0143ed226abccbec78ed03d86adcdc1e9daaa2dd45614d49_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/octavia-rhel9-operator@sha256:605b6c299ab3bd243638a7896c2f5105fcfddbe92d1d6975ad3819f449c00709_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-baremetal-rhel9-operator@sha256:0960068ccad1929734b174c67a64e06d7afc1851123c117dc942d2873046f808_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/ovn-rhel9-operator@sha256:cca32c23677bf4ad3405d7151ced32b4963860edd50981b236b8ef636567e982_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64", "9Base-RHOSO-1.0-PODIFIED:rhoso-operators/test-rhel9-operator@sha256:e248484aaea76516e4c504439608f3ccfd5236756521156780ada8a14bf25b98_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.