RHSA-2026:2368
Vulnerability from csaf_redhat - Published: 2026-02-09 19:25 - Updated: 2026-02-11 16:20Summary
Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.18.1-2 Update
Notes
Topic
Custom Metrics Autoscaler Operator for Red Hat OpenShift updates.
The following updates for the Custom Metric Autoscaler operator for Red Hat
OpenShift are now available:
* custom-metrics-autoscaler-adapter-container
* custom-metrics-autoscaler-admission-webhooks-container
* custom-metrics-autoscaler-container
* custom-metrics-autoscaler-operator-bundle-container
* custom-metrics-autoscaler-operator-container
Details
The Custom Metrics Autoscaler Operator for Red Hat OpenShift is an optional operator, based on the Kubernetes Event Driven Autoscaler (KEDA), which allows workloads to be scaled using additional metrics sources other than pod metrics.
This release is based upon KEDA 2.18.1
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Custom Metrics Autoscaler Operator for Red Hat OpenShift updates.\n\nThe following updates for the Custom Metric Autoscaler operator for Red Hat\nOpenShift are now available:\n\n* custom-metrics-autoscaler-adapter-container\n* custom-metrics-autoscaler-admission-webhooks-container\n* custom-metrics-autoscaler-container\n* custom-metrics-autoscaler-operator-bundle-container\n* custom-metrics-autoscaler-operator-container",
"title": "Topic"
},
{
"category": "general",
"text": "The Custom Metrics Autoscaler Operator for Red Hat OpenShift is an optional operator, based on the Kubernetes Event Driven Autoscaler (KEDA), which allows workloads to be scaled using additional metrics sources other than pod metrics.\nThis release is based upon KEDA 2.18.1",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2368",
"url": "https://access.redhat.com/errata/RHSA-2026:2368"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68156",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68476",
"url": "https://access.redhat.com/security/cve/CVE-2025-68476"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2368.json"
}
],
"title": "Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.18.1-2 Update",
"tracking": {
"current_release_date": "2026-02-11T16:20:27+00:00",
"generator": {
"date": "2026-02-11T16:20:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2368",
"initial_release_date": "2026-02-09T19:25:55+00:00",
"revision_history": [
{
"date": "2026-02-09T19:25:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-09T19:25:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T16:20:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product": {
"name": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.18::el9"
}
}
}
],
"category": "product_family",
"name": "Custom Metric Autoscaler operator for Red Hat Openshift"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:1a99333dd543488726051028e58eea4eaf5585a5993264faffbb7ccc151fc83e_amd64",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:1a99333dd543488726051028e58eea4eaf5585a5993264faffbb7ccc151fc83e_amd64",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:1a99333dd543488726051028e58eea4eaf5585a5993264faffbb7ccc151fc83e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-rhel9-operator@sha256%3A1a99333dd543488726051028e58eea4eaf5585a5993264faffbb7ccc151fc83e?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770072020"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:e746b1aafcdcd82a6d2d069478d2870ada48c9f026d3119fc0977b333138c4ba_amd64",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:e746b1aafcdcd82a6d2d069478d2870ada48c9f026d3119fc0977b333138c4ba_amd64",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:e746b1aafcdcd82a6d2d069478d2870ada48c9f026d3119fc0977b333138c4ba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-operator-bundle@sha256%3Ae746b1aafcdcd82a6d2d069478d2870ada48c9f026d3119fc0977b333138c4ba?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770076097"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:7f9e53e5a6aa6670ab29f6e0001326f75393a17efb515bf174d4c9515c152758_amd64",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:7f9e53e5a6aa6670ab29f6e0001326f75393a17efb515bf174d4c9515c152758_amd64",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:7f9e53e5a6aa6670ab29f6e0001326f75393a17efb515bf174d4c9515c152758_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-adapter-rhel9@sha256%3A7f9e53e5a6aa6670ab29f6e0001326f75393a17efb515bf174d4c9515c152758?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770072436"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:a02f9d2ff968196d532f9ca1858ec1ea3ca81726f111df22cf28bb6d7818f2ca_amd64",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:a02f9d2ff968196d532f9ca1858ec1ea3ca81726f111df22cf28bb6d7818f2ca_amd64",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:a02f9d2ff968196d532f9ca1858ec1ea3ca81726f111df22cf28bb6d7818f2ca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-rhel9@sha256%3Aa02f9d2ff968196d532f9ca1858ec1ea3ca81726f111df22cf28bb6d7818f2ca?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770071697"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:53a8ffbe94da6658c66bcf8d85e2e113f7bd85cff3f42a258e5ce6662ec2cb1d_amd64",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:53a8ffbe94da6658c66bcf8d85e2e113f7bd85cff3f42a258e5ce6662ec2cb1d_amd64",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:53a8ffbe94da6658c66bcf8d85e2e113f7bd85cff3f42a258e5ce6662ec2cb1d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256%3A53a8ffbe94da6658c66bcf8d85e2e113f7bd85cff3f42a258e5ce6662ec2cb1d?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770071646"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:5aedc4d3b27cba4acf7599e88cf0716cf47f6374f150237508d87f29094cf70d_arm64",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:5aedc4d3b27cba4acf7599e88cf0716cf47f6374f150237508d87f29094cf70d_arm64",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:5aedc4d3b27cba4acf7599e88cf0716cf47f6374f150237508d87f29094cf70d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-rhel9-operator@sha256%3A5aedc4d3b27cba4acf7599e88cf0716cf47f6374f150237508d87f29094cf70d?arch=arm64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770072020"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:57e58fa24aed52d153adb8e9eb2b97c7cc7144723bea8b92fb0f518c864e5003_arm64",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:57e58fa24aed52d153adb8e9eb2b97c7cc7144723bea8b92fb0f518c864e5003_arm64",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:57e58fa24aed52d153adb8e9eb2b97c7cc7144723bea8b92fb0f518c864e5003_arm64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-adapter-rhel9@sha256%3A57e58fa24aed52d153adb8e9eb2b97c7cc7144723bea8b92fb0f518c864e5003?arch=arm64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770072436"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:e4a1bf51de7f95506dc58db125188c07d82b64aad83052c81c2262f8613af98d_arm64",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:e4a1bf51de7f95506dc58db125188c07d82b64aad83052c81c2262f8613af98d_arm64",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:e4a1bf51de7f95506dc58db125188c07d82b64aad83052c81c2262f8613af98d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-rhel9@sha256%3Ae4a1bf51de7f95506dc58db125188c07d82b64aad83052c81c2262f8613af98d?arch=arm64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770071697"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:c25f659d9e7e50206a86e3617efbc7f2f4b750ced52fcc18a38bf03b4d89660a_arm64",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:c25f659d9e7e50206a86e3617efbc7f2f4b750ced52fcc18a38bf03b4d89660a_arm64",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:c25f659d9e7e50206a86e3617efbc7f2f4b750ced52fcc18a38bf03b4d89660a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256%3Ac25f659d9e7e50206a86e3617efbc7f2f4b750ced52fcc18a38bf03b4d89660a?arch=arm64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770071646"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:b9ec010e078cab2c432f2b240b8b8940a5fb6dbc347138215b80f7131f1435d0_ppc64le",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:b9ec010e078cab2c432f2b240b8b8940a5fb6dbc347138215b80f7131f1435d0_ppc64le",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:b9ec010e078cab2c432f2b240b8b8940a5fb6dbc347138215b80f7131f1435d0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-rhel9-operator@sha256%3Ab9ec010e078cab2c432f2b240b8b8940a5fb6dbc347138215b80f7131f1435d0?arch=ppc64le\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770072020"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:2f25021a561f15be90c5bca9bfafc43f9c8e142c75d1fc9ee317ab0943b7054e_ppc64le",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:2f25021a561f15be90c5bca9bfafc43f9c8e142c75d1fc9ee317ab0943b7054e_ppc64le",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:2f25021a561f15be90c5bca9bfafc43f9c8e142c75d1fc9ee317ab0943b7054e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-adapter-rhel9@sha256%3A2f25021a561f15be90c5bca9bfafc43f9c8e142c75d1fc9ee317ab0943b7054e?arch=ppc64le\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770072436"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:d0a2e099d9b87ceb1aa7b716a325c446172d1f4b365352e3c275dbfb604cd7b2_ppc64le",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:d0a2e099d9b87ceb1aa7b716a325c446172d1f4b365352e3c275dbfb604cd7b2_ppc64le",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:d0a2e099d9b87ceb1aa7b716a325c446172d1f4b365352e3c275dbfb604cd7b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-rhel9@sha256%3Ad0a2e099d9b87ceb1aa7b716a325c446172d1f4b365352e3c275dbfb604cd7b2?arch=ppc64le\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770071697"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:ad045c0a324d63ac1fd3277233a96606f91dc32268ad94e6676d3081fa8ea8d1_ppc64le",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:ad045c0a324d63ac1fd3277233a96606f91dc32268ad94e6676d3081fa8ea8d1_ppc64le",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:ad045c0a324d63ac1fd3277233a96606f91dc32268ad94e6676d3081fa8ea8d1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256%3Aad045c0a324d63ac1fd3277233a96606f91dc32268ad94e6676d3081fa8ea8d1?arch=ppc64le\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770071646"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:7c238fccaf2517e70f439cfbb860a7fbeaa27e6a295bc6a85b321179d65b2b23_s390x",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:7c238fccaf2517e70f439cfbb860a7fbeaa27e6a295bc6a85b321179d65b2b23_s390x",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:7c238fccaf2517e70f439cfbb860a7fbeaa27e6a295bc6a85b321179d65b2b23_s390x",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-rhel9-operator@sha256%3A7c238fccaf2517e70f439cfbb860a7fbeaa27e6a295bc6a85b321179d65b2b23?arch=s390x\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770072020"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:cf3f3bf999c1065bc3d0b7580bd922daec789f98da5812069cea1333520f876b_s390x",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:cf3f3bf999c1065bc3d0b7580bd922daec789f98da5812069cea1333520f876b_s390x",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:cf3f3bf999c1065bc3d0b7580bd922daec789f98da5812069cea1333520f876b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-adapter-rhel9@sha256%3Acf3f3bf999c1065bc3d0b7580bd922daec789f98da5812069cea1333520f876b?arch=s390x\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770072436"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:7e8fb81460623c77a7c45c5e4b48e09d1da9e3441f8eb01be33f4ac5318b82a1_s390x",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:7e8fb81460623c77a7c45c5e4b48e09d1da9e3441f8eb01be33f4ac5318b82a1_s390x",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:7e8fb81460623c77a7c45c5e4b48e09d1da9e3441f8eb01be33f4ac5318b82a1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-rhel9@sha256%3A7e8fb81460623c77a7c45c5e4b48e09d1da9e3441f8eb01be33f4ac5318b82a1?arch=s390x\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770071697"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:6a90e03aefc5449d621907b8144acf3637b6a9705e50d6dda58a3ad3f112ac1c_s390x",
"product": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:6a90e03aefc5449d621907b8144acf3637b6a9705e50d6dda58a3ad3f112ac1c_s390x",
"product_id": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:6a90e03aefc5449d621907b8144acf3637b6a9705e50d6dda58a3ad3f112ac1c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256%3A6a90e03aefc5449d621907b8144acf3637b6a9705e50d6dda58a3ad3f112ac1c?arch=s390x\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler\u0026tag=1770071646"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:2f25021a561f15be90c5bca9bfafc43f9c8e142c75d1fc9ee317ab0943b7054e_ppc64le as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:2f25021a561f15be90c5bca9bfafc43f9c8e142c75d1fc9ee317ab0943b7054e_ppc64le"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:2f25021a561f15be90c5bca9bfafc43f9c8e142c75d1fc9ee317ab0943b7054e_ppc64le",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:57e58fa24aed52d153adb8e9eb2b97c7cc7144723bea8b92fb0f518c864e5003_arm64 as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:57e58fa24aed52d153adb8e9eb2b97c7cc7144723bea8b92fb0f518c864e5003_arm64"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:57e58fa24aed52d153adb8e9eb2b97c7cc7144723bea8b92fb0f518c864e5003_arm64",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:7f9e53e5a6aa6670ab29f6e0001326f75393a17efb515bf174d4c9515c152758_amd64 as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:7f9e53e5a6aa6670ab29f6e0001326f75393a17efb515bf174d4c9515c152758_amd64"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:7f9e53e5a6aa6670ab29f6e0001326f75393a17efb515bf174d4c9515c152758_amd64",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:cf3f3bf999c1065bc3d0b7580bd922daec789f98da5812069cea1333520f876b_s390x as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:cf3f3bf999c1065bc3d0b7580bd922daec789f98da5812069cea1333520f876b_s390x"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:cf3f3bf999c1065bc3d0b7580bd922daec789f98da5812069cea1333520f876b_s390x",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:53a8ffbe94da6658c66bcf8d85e2e113f7bd85cff3f42a258e5ce6662ec2cb1d_amd64 as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:53a8ffbe94da6658c66bcf8d85e2e113f7bd85cff3f42a258e5ce6662ec2cb1d_amd64"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:53a8ffbe94da6658c66bcf8d85e2e113f7bd85cff3f42a258e5ce6662ec2cb1d_amd64",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:6a90e03aefc5449d621907b8144acf3637b6a9705e50d6dda58a3ad3f112ac1c_s390x as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:6a90e03aefc5449d621907b8144acf3637b6a9705e50d6dda58a3ad3f112ac1c_s390x"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:6a90e03aefc5449d621907b8144acf3637b6a9705e50d6dda58a3ad3f112ac1c_s390x",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:ad045c0a324d63ac1fd3277233a96606f91dc32268ad94e6676d3081fa8ea8d1_ppc64le as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:ad045c0a324d63ac1fd3277233a96606f91dc32268ad94e6676d3081fa8ea8d1_ppc64le"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:ad045c0a324d63ac1fd3277233a96606f91dc32268ad94e6676d3081fa8ea8d1_ppc64le",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:c25f659d9e7e50206a86e3617efbc7f2f4b750ced52fcc18a38bf03b4d89660a_arm64 as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:c25f659d9e7e50206a86e3617efbc7f2f4b750ced52fcc18a38bf03b4d89660a_arm64"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:c25f659d9e7e50206a86e3617efbc7f2f4b750ced52fcc18a38bf03b4d89660a_arm64",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:e746b1aafcdcd82a6d2d069478d2870ada48c9f026d3119fc0977b333138c4ba_amd64 as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:e746b1aafcdcd82a6d2d069478d2870ada48c9f026d3119fc0977b333138c4ba_amd64"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:e746b1aafcdcd82a6d2d069478d2870ada48c9f026d3119fc0977b333138c4ba_amd64",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:1a99333dd543488726051028e58eea4eaf5585a5993264faffbb7ccc151fc83e_amd64 as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:1a99333dd543488726051028e58eea4eaf5585a5993264faffbb7ccc151fc83e_amd64"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:1a99333dd543488726051028e58eea4eaf5585a5993264faffbb7ccc151fc83e_amd64",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:5aedc4d3b27cba4acf7599e88cf0716cf47f6374f150237508d87f29094cf70d_arm64 as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:5aedc4d3b27cba4acf7599e88cf0716cf47f6374f150237508d87f29094cf70d_arm64"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:5aedc4d3b27cba4acf7599e88cf0716cf47f6374f150237508d87f29094cf70d_arm64",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:7c238fccaf2517e70f439cfbb860a7fbeaa27e6a295bc6a85b321179d65b2b23_s390x as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:7c238fccaf2517e70f439cfbb860a7fbeaa27e6a295bc6a85b321179d65b2b23_s390x"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:7c238fccaf2517e70f439cfbb860a7fbeaa27e6a295bc6a85b321179d65b2b23_s390x",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:b9ec010e078cab2c432f2b240b8b8940a5fb6dbc347138215b80f7131f1435d0_ppc64le as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:b9ec010e078cab2c432f2b240b8b8940a5fb6dbc347138215b80f7131f1435d0_ppc64le"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:b9ec010e078cab2c432f2b240b8b8940a5fb6dbc347138215b80f7131f1435d0_ppc64le",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:7e8fb81460623c77a7c45c5e4b48e09d1da9e3441f8eb01be33f4ac5318b82a1_s390x as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:7e8fb81460623c77a7c45c5e4b48e09d1da9e3441f8eb01be33f4ac5318b82a1_s390x"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:7e8fb81460623c77a7c45c5e4b48e09d1da9e3441f8eb01be33f4ac5318b82a1_s390x",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:a02f9d2ff968196d532f9ca1858ec1ea3ca81726f111df22cf28bb6d7818f2ca_amd64 as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:a02f9d2ff968196d532f9ca1858ec1ea3ca81726f111df22cf28bb6d7818f2ca_amd64"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:a02f9d2ff968196d532f9ca1858ec1ea3ca81726f111df22cf28bb6d7818f2ca_amd64",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:d0a2e099d9b87ceb1aa7b716a325c446172d1f4b365352e3c275dbfb604cd7b2_ppc64le as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:d0a2e099d9b87ceb1aa7b716a325c446172d1f4b365352e3c275dbfb604cd7b2_ppc64le"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:d0a2e099d9b87ceb1aa7b716a325c446172d1f4b365352e3c275dbfb604cd7b2_ppc64le",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:e4a1bf51de7f95506dc58db125188c07d82b64aad83052c81c2262f8613af98d_arm64 as a component of Custom Metric Autoscaler operator for Red Hat Openshift 2.18",
"product_id": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:e4a1bf51de7f95506dc58db125188c07d82b64aad83052c81c2262f8613af98d_arm64"
},
"product_reference": "registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:e4a1bf51de7f95506dc58db125188c07d82b64aad83052c81c2262f8613af98d_arm64",
"relates_to_product_reference": "Custom Metric Autoscaler operator for Red Hat Openshift 2.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68156",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-16T19:01:42.049157+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2422891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products utilizing the `Expr` Go library because it can lead to a denial-of-service. Exploitation requires an application to evaluate expressions against untrusted or insufficiently validated data structures containing deeply nested or cyclic references, which can cause a stack overflow and application crash. Products that do not process untrusted input with `Expr` are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:2f25021a561f15be90c5bca9bfafc43f9c8e142c75d1fc9ee317ab0943b7054e_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:57e58fa24aed52d153adb8e9eb2b97c7cc7144723bea8b92fb0f518c864e5003_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:7f9e53e5a6aa6670ab29f6e0001326f75393a17efb515bf174d4c9515c152758_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:cf3f3bf999c1065bc3d0b7580bd922daec789f98da5812069cea1333520f876b_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:53a8ffbe94da6658c66bcf8d85e2e113f7bd85cff3f42a258e5ce6662ec2cb1d_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:6a90e03aefc5449d621907b8144acf3637b6a9705e50d6dda58a3ad3f112ac1c_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:ad045c0a324d63ac1fd3277233a96606f91dc32268ad94e6676d3081fa8ea8d1_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:c25f659d9e7e50206a86e3617efbc7f2f4b750ced52fcc18a38bf03b4d89660a_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:e746b1aafcdcd82a6d2d069478d2870ada48c9f026d3119fc0977b333138c4ba_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:1a99333dd543488726051028e58eea4eaf5585a5993264faffbb7ccc151fc83e_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:5aedc4d3b27cba4acf7599e88cf0716cf47f6374f150237508d87f29094cf70d_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:7c238fccaf2517e70f439cfbb860a7fbeaa27e6a295bc6a85b321179d65b2b23_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:b9ec010e078cab2c432f2b240b8b8940a5fb6dbc347138215b80f7131f1435d0_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:7e8fb81460623c77a7c45c5e4b48e09d1da9e3441f8eb01be33f4ac5318b82a1_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:a02f9d2ff968196d532f9ca1858ec1ea3ca81726f111df22cf28bb6d7818f2ca_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:d0a2e099d9b87ceb1aa7b716a325c446172d1f4b365352e3c275dbfb604cd7b2_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:e4a1bf51de7f95506dc58db125188c07d82b64aad83052c81c2262f8613af98d_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "RHBZ#2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/pull/870",
"url": "https://github.com/expr-lang/expr/pull/870"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
}
],
"release_date": "2025-12-16T18:24:11.648000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T19:25:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:2f25021a561f15be90c5bca9bfafc43f9c8e142c75d1fc9ee317ab0943b7054e_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:57e58fa24aed52d153adb8e9eb2b97c7cc7144723bea8b92fb0f518c864e5003_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:7f9e53e5a6aa6670ab29f6e0001326f75393a17efb515bf174d4c9515c152758_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:cf3f3bf999c1065bc3d0b7580bd922daec789f98da5812069cea1333520f876b_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:53a8ffbe94da6658c66bcf8d85e2e113f7bd85cff3f42a258e5ce6662ec2cb1d_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:6a90e03aefc5449d621907b8144acf3637b6a9705e50d6dda58a3ad3f112ac1c_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:ad045c0a324d63ac1fd3277233a96606f91dc32268ad94e6676d3081fa8ea8d1_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:c25f659d9e7e50206a86e3617efbc7f2f4b750ced52fcc18a38bf03b4d89660a_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:e746b1aafcdcd82a6d2d069478d2870ada48c9f026d3119fc0977b333138c4ba_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:1a99333dd543488726051028e58eea4eaf5585a5993264faffbb7ccc151fc83e_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:5aedc4d3b27cba4acf7599e88cf0716cf47f6374f150237508d87f29094cf70d_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:7c238fccaf2517e70f439cfbb860a7fbeaa27e6a295bc6a85b321179d65b2b23_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:b9ec010e078cab2c432f2b240b8b8940a5fb6dbc347138215b80f7131f1435d0_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:7e8fb81460623c77a7c45c5e4b48e09d1da9e3441f8eb01be33f4ac5318b82a1_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:a02f9d2ff968196d532f9ca1858ec1ea3ca81726f111df22cf28bb6d7818f2ca_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:d0a2e099d9b87ceb1aa7b716a325c446172d1f4b365352e3c275dbfb604cd7b2_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:e4a1bf51de7f95506dc58db125188c07d82b64aad83052c81c2262f8613af98d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2368"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications using the `Expr` library should ensure that evaluation environments do not contain cyclic references. Additionally, externally supplied data structures must be validated or sanitized before being passed to `Expr` for evaluation. As a last-resort defensive measure, expression evaluation can be wrapped with panic recovery to prevent a full process crash.",
"product_ids": [
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:2f25021a561f15be90c5bca9bfafc43f9c8e142c75d1fc9ee317ab0943b7054e_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:57e58fa24aed52d153adb8e9eb2b97c7cc7144723bea8b92fb0f518c864e5003_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:7f9e53e5a6aa6670ab29f6e0001326f75393a17efb515bf174d4c9515c152758_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:cf3f3bf999c1065bc3d0b7580bd922daec789f98da5812069cea1333520f876b_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:53a8ffbe94da6658c66bcf8d85e2e113f7bd85cff3f42a258e5ce6662ec2cb1d_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:6a90e03aefc5449d621907b8144acf3637b6a9705e50d6dda58a3ad3f112ac1c_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:ad045c0a324d63ac1fd3277233a96606f91dc32268ad94e6676d3081fa8ea8d1_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:c25f659d9e7e50206a86e3617efbc7f2f4b750ced52fcc18a38bf03b4d89660a_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:e746b1aafcdcd82a6d2d069478d2870ada48c9f026d3119fc0977b333138c4ba_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:1a99333dd543488726051028e58eea4eaf5585a5993264faffbb7ccc151fc83e_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:5aedc4d3b27cba4acf7599e88cf0716cf47f6374f150237508d87f29094cf70d_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:7c238fccaf2517e70f439cfbb860a7fbeaa27e6a295bc6a85b321179d65b2b23_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:b9ec010e078cab2c432f2b240b8b8940a5fb6dbc347138215b80f7131f1435d0_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:7e8fb81460623c77a7c45c5e4b48e09d1da9e3441f8eb01be33f4ac5318b82a1_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:a02f9d2ff968196d532f9ca1858ec1ea3ca81726f111df22cf28bb6d7818f2ca_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:d0a2e099d9b87ceb1aa7b716a325c446172d1f4b365352e3c275dbfb604cd7b2_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:e4a1bf51de7f95506dc58db125188c07d82b64aad83052c81c2262f8613af98d_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:2f25021a561f15be90c5bca9bfafc43f9c8e142c75d1fc9ee317ab0943b7054e_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:57e58fa24aed52d153adb8e9eb2b97c7cc7144723bea8b92fb0f518c864e5003_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:7f9e53e5a6aa6670ab29f6e0001326f75393a17efb515bf174d4c9515c152758_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:cf3f3bf999c1065bc3d0b7580bd922daec789f98da5812069cea1333520f876b_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:53a8ffbe94da6658c66bcf8d85e2e113f7bd85cff3f42a258e5ce6662ec2cb1d_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:6a90e03aefc5449d621907b8144acf3637b6a9705e50d6dda58a3ad3f112ac1c_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:ad045c0a324d63ac1fd3277233a96606f91dc32268ad94e6676d3081fa8ea8d1_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:c25f659d9e7e50206a86e3617efbc7f2f4b750ced52fcc18a38bf03b4d89660a_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:e746b1aafcdcd82a6d2d069478d2870ada48c9f026d3119fc0977b333138c4ba_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:1a99333dd543488726051028e58eea4eaf5585a5993264faffbb7ccc151fc83e_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:5aedc4d3b27cba4acf7599e88cf0716cf47f6374f150237508d87f29094cf70d_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:7c238fccaf2517e70f439cfbb860a7fbeaa27e6a295bc6a85b321179d65b2b23_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:b9ec010e078cab2c432f2b240b8b8940a5fb6dbc347138215b80f7131f1435d0_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:7e8fb81460623c77a7c45c5e4b48e09d1da9e3441f8eb01be33f4ac5318b82a1_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:a02f9d2ff968196d532f9ca1858ec1ea3ca81726f111df22cf28bb6d7818f2ca_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:d0a2e099d9b87ceb1aa7b716a325c446172d1f4b365352e3c275dbfb604cd7b2_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:e4a1bf51de7f95506dc58db125188c07d82b64aad83052c81c2262f8613af98d_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation"
},
{
"cve": "CVE-2025-68476",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-12-22T22:03:38.850390+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:e746b1aafcdcd82a6d2d069478d2870ada48c9f026d3119fc0977b333138c4ba_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2424509"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in KEDA, a Kubernetes-based Event Driven Autoscaling component. This arbitrary file read vulnerability allows an attacker with permissions to create or modify a TriggerAuthentication resource to read any file from the node\u0027s filesystem where the KEDA pod resides. This is due to insufficient path validation when handling Service Account Tokens during HashiCorp Vault authentication. Successful exploitation can lead to the exfiltration of sensitive system information, such as secrets or configuration files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/kedacore/keda: KEDA: Arbitrary file read vulnerability in Vault authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important because an attacker with permissions to create or modify a KEDA TriggerAuthentication resource can perform arbitrary file reads from the node\u0027s filesystem. This impacts Red Hat OpenShift products that utilize KEDA with HashiCorp Vault authentication.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:2f25021a561f15be90c5bca9bfafc43f9c8e142c75d1fc9ee317ab0943b7054e_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:57e58fa24aed52d153adb8e9eb2b97c7cc7144723bea8b92fb0f518c864e5003_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:7f9e53e5a6aa6670ab29f6e0001326f75393a17efb515bf174d4c9515c152758_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:cf3f3bf999c1065bc3d0b7580bd922daec789f98da5812069cea1333520f876b_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:53a8ffbe94da6658c66bcf8d85e2e113f7bd85cff3f42a258e5ce6662ec2cb1d_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:6a90e03aefc5449d621907b8144acf3637b6a9705e50d6dda58a3ad3f112ac1c_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:ad045c0a324d63ac1fd3277233a96606f91dc32268ad94e6676d3081fa8ea8d1_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:c25f659d9e7e50206a86e3617efbc7f2f4b750ced52fcc18a38bf03b4d89660a_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:1a99333dd543488726051028e58eea4eaf5585a5993264faffbb7ccc151fc83e_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:5aedc4d3b27cba4acf7599e88cf0716cf47f6374f150237508d87f29094cf70d_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:7c238fccaf2517e70f439cfbb860a7fbeaa27e6a295bc6a85b321179d65b2b23_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:b9ec010e078cab2c432f2b240b8b8940a5fb6dbc347138215b80f7131f1435d0_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:7e8fb81460623c77a7c45c5e4b48e09d1da9e3441f8eb01be33f4ac5318b82a1_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:a02f9d2ff968196d532f9ca1858ec1ea3ca81726f111df22cf28bb6d7818f2ca_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:d0a2e099d9b87ceb1aa7b716a325c446172d1f4b365352e3c275dbfb604cd7b2_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:e4a1bf51de7f95506dc58db125188c07d82b64aad83052c81c2262f8613af98d_arm64"
],
"known_not_affected": [
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:e746b1aafcdcd82a6d2d069478d2870ada48c9f026d3119fc0977b333138c4ba_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68476"
},
{
"category": "external",
"summary": "RHBZ#2424509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424509"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68476",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68476"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68476",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68476"
},
{
"category": "external",
"summary": "https://github.com/kedacore/keda/commit/15c5677f65f809b9b6b59a52f4cf793db0a510fd",
"url": "https://github.com/kedacore/keda/commit/15c5677f65f809b9b6b59a52f4cf793db0a510fd"
},
{
"category": "external",
"summary": "https://github.com/kedacore/keda/security/advisories/GHSA-c4p6-qg4m-9jmr",
"url": "https://github.com/kedacore/keda/security/advisories/GHSA-c4p6-qg4m-9jmr"
}
],
"release_date": "2025-12-22T21:35:00.480000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T19:25:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:2f25021a561f15be90c5bca9bfafc43f9c8e142c75d1fc9ee317ab0943b7054e_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:57e58fa24aed52d153adb8e9eb2b97c7cc7144723bea8b92fb0f518c864e5003_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:7f9e53e5a6aa6670ab29f6e0001326f75393a17efb515bf174d4c9515c152758_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:cf3f3bf999c1065bc3d0b7580bd922daec789f98da5812069cea1333520f876b_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:53a8ffbe94da6658c66bcf8d85e2e113f7bd85cff3f42a258e5ce6662ec2cb1d_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:6a90e03aefc5449d621907b8144acf3637b6a9705e50d6dda58a3ad3f112ac1c_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:ad045c0a324d63ac1fd3277233a96606f91dc32268ad94e6676d3081fa8ea8d1_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:c25f659d9e7e50206a86e3617efbc7f2f4b750ced52fcc18a38bf03b4d89660a_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:1a99333dd543488726051028e58eea4eaf5585a5993264faffbb7ccc151fc83e_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:5aedc4d3b27cba4acf7599e88cf0716cf47f6374f150237508d87f29094cf70d_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:7c238fccaf2517e70f439cfbb860a7fbeaa27e6a295bc6a85b321179d65b2b23_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:b9ec010e078cab2c432f2b240b8b8940a5fb6dbc347138215b80f7131f1435d0_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:7e8fb81460623c77a7c45c5e4b48e09d1da9e3441f8eb01be33f4ac5318b82a1_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:a02f9d2ff968196d532f9ca1858ec1ea3ca81726f111df22cf28bb6d7818f2ca_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:d0a2e099d9b87ceb1aa7b716a325c446172d1f4b365352e3c275dbfb604cd7b2_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:e4a1bf51de7f95506dc58db125188c07d82b64aad83052c81c2262f8613af98d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2368"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:2f25021a561f15be90c5bca9bfafc43f9c8e142c75d1fc9ee317ab0943b7054e_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:57e58fa24aed52d153adb8e9eb2b97c7cc7144723bea8b92fb0f518c864e5003_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:7f9e53e5a6aa6670ab29f6e0001326f75393a17efb515bf174d4c9515c152758_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9@sha256:cf3f3bf999c1065bc3d0b7580bd922daec789f98da5812069cea1333520f876b_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:53a8ffbe94da6658c66bcf8d85e2e113f7bd85cff3f42a258e5ce6662ec2cb1d_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:6a90e03aefc5449d621907b8144acf3637b6a9705e50d6dda58a3ad3f112ac1c_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:ad045c0a324d63ac1fd3277233a96606f91dc32268ad94e6676d3081fa8ea8d1_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9@sha256:c25f659d9e7e50206a86e3617efbc7f2f4b750ced52fcc18a38bf03b4d89660a_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:e746b1aafcdcd82a6d2d069478d2870ada48c9f026d3119fc0977b333138c4ba_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:1a99333dd543488726051028e58eea4eaf5585a5993264faffbb7ccc151fc83e_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:5aedc4d3b27cba4acf7599e88cf0716cf47f6374f150237508d87f29094cf70d_arm64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:7c238fccaf2517e70f439cfbb860a7fbeaa27e6a295bc6a85b321179d65b2b23_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator@sha256:b9ec010e078cab2c432f2b240b8b8940a5fb6dbc347138215b80f7131f1435d0_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:7e8fb81460623c77a7c45c5e4b48e09d1da9e3441f8eb01be33f4ac5318b82a1_s390x",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:a02f9d2ff968196d532f9ca1858ec1ea3ca81726f111df22cf28bb6d7818f2ca_amd64",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:d0a2e099d9b87ceb1aa7b716a325c446172d1f4b365352e3c275dbfb604cd7b2_ppc64le",
"Custom Metric Autoscaler operator for Red Hat Openshift 2.18:registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9@sha256:e4a1bf51de7f95506dc58db125188c07d82b64aad83052c81c2262f8613af98d_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/kedacore/keda: KEDA: Arbitrary file read vulnerability in Vault authentication"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…