Vulnerabilites related to Red Hat - Red Hat Ansible Automation Platform 2
cve-2024-9355
Vulnerability from cvelistv5
Published
2024-10-01 18:17
Modified
2025-04-03 08:32
Severity ?
EPSS score ?
Summary
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:10133 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:7502 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:7550 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:8327 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:8678 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:8847 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9551 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:2416 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-9355 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2315719 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-9355", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T18:35:51.670441Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-01T18:37:53.436Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/golang-fips/openssl", defaultStatus: "affected", packageName: "github.com/golang-fips/openssl", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "rhc-worker-script", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:0.10-2.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "go-toolset:rhel8", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020241001112709.a3795dee", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "grafana", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:9.2.10-20.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "grafana-pcp", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.1.1-9.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "golang", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.21.13-4.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "grafana", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:9.2.10-19.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "grafana-pcp", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.1.1-4.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:amq_streams:2", ], defaultStatus: "unaffected", packageName: "golang-github-danielqsj-kafka_exporter", product: "Streams for Apache Kafka 2.9.0", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:network_bound_disk_encryption_tang:1", ], defaultStatus: "affected", packageName: "tang-operator-bundle-container", product: "NBDE Tang Server", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "helm", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "odo", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_pipelines:1", ], defaultStatus: "affected", packageName: "openshift-pipelines-client", product: "OpenShift Pipelines", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:serverless:1", ], defaultStatus: "affected", packageName: "openshift-serverless-clients", product: "OpenShift Serverless", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform", ], defaultStatus: "affected", packageName: "helm", product: "Red Hat Ansible Automation Platform 1.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform", ], defaultStatus: "affected", packageName: "openshift-clients", product: "Red Hat Ansible Automation Platform 1.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "automation-gateway-proxy", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "receptor", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "affected", packageName: "host-metering", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "container-tools:rhel8/buildah", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "container-tools:rhel8/conmon", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "container-tools:rhel8/containernetworking-plugins", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "container-tools:rhel8/podman", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "container-tools:rhel8/runc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "container-tools:rhel8/skopeo", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "container-tools:rhel8/toolbox", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "git-lfs", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "osbuild-composer", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "rhc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "rsyslog", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "weldr-client", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "butane", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "conmon", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "containernetworking-plugins", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "git-lfs", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "grafana-pcp", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "gvisor-tap-vsock", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "ignition", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "opentelemetry-collector", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "osbuild-composer", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "rsyslog", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "runc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "toolbox", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "weldr-client", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "butane", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "conmon", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "conmon-rs", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "containernetworking-plugins", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "cri-tools", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "golang-github-prometheus-promu", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "ignition", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "lifecycle-agent-operator-bundle-container", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "microshift", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/bare-metal-event-relay-operator-bundle", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/numaresources-operator-bundle", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-aws-efs-csi-driver-container-rhel9", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-gcp-filestore-csi-driver-rhel8", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-secrets-store-csi-driver-rhel9", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-sriov-network-metrics-exporter-rhel9", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-sriov-rdma-cni-rhel9", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-vertical-pod-autoscaler-rhel8", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/rdma-cni-rhel9", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/sriov-network-metrics-exporter-rhel9", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/topology-aware-lifecycle-manager-operator-bundle", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift-clients", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "ose-aws-ecr-image-credential-provider", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "ose-azure-acr-image-credential-provider", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "ose-gcp-gcr-image-credential-provider", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "runc", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_container_storage:4", ], defaultStatus: "affected", packageName: "mcg", product: "Red Hat Openshift Container Storage 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_data_foundation:4", ], defaultStatus: "affected", packageName: "mcg", product: "Red Hat Openshift Data Foundation 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_devspaces:3:", ], defaultStatus: "unaffected", packageName: "devspaces/machineexec-rhel8", product: "Red Hat OpenShift Dev Spaces", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_gitops:1", ], defaultStatus: "affected", packageName: "openshift-gitops-1/gitops-operator-bundle", product: "Red Hat OpenShift GitOps", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_service_on_aws:1", ], defaultStatus: "affected", packageName: "rosa", product: "Red Hat OpenShift on AWS", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "kubevirt", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:16.2", ], defaultStatus: "affected", packageName: "etcd", product: "Red Hat OpenStack Platform 16.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:16.2", ], defaultStatus: "affected", packageName: "golang-github-infrawatch-apputils", product: "Red Hat OpenStack Platform 16.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:16.2", ], defaultStatus: "affected", packageName: "golang-qpid-apache", product: "Red Hat OpenStack Platform 16.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:16.2", ], defaultStatus: "affected", packageName: "qpid-proton", product: "Red Hat OpenStack Platform 16.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:17.1", ], defaultStatus: "affected", packageName: "etcd", product: "Red Hat OpenStack Platform 17.1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:17.1", ], defaultStatus: "affected", packageName: "golang-github-infrawatch-apputils", product: "Red Hat OpenStack Platform 17.1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:17.1", ], defaultStatus: "affected", packageName: "golang-qpid-apache", product: "Red Hat OpenStack Platform 17.1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:17.1", ], defaultStatus: "affected", packageName: "qpid-proton", product: "Red Hat OpenStack Platform 17.1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "affected", packageName: "foreman_ygg_worker", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "unaffected", packageName: "qpid-proton", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "unaffected", packageName: "satellite-capsule:el8/qpid-proton", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "affected", packageName: "satellite:el8/qpid-proton", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "affected", packageName: "satellite:el8/yggdrasil-worker-forwarder", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "affected", packageName: "yggdrasil", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "affected", packageName: "yggdrasil-worker-forwarder", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_interconnect:1", ], defaultStatus: "affected", packageName: "qpid-proton", product: "Red Hat Service Interconnect 1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_interconnect:1", ], defaultStatus: "affected", packageName: "skupper-cli", product: "Red Hat Service Interconnect 1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_interconnect:1", ], defaultStatus: "affected", packageName: "skupper-router", product: "Red Hat Service Interconnect 1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:storage:3", ], defaultStatus: "affected", packageName: "heketi", product: "Red Hat Storage 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:trusted_artifact_signer:1", ], defaultStatus: "affected", packageName: "rhtas/fulcio-rhel9", product: "Red Hat Trusted Artifact Signer", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "This issue was discovered by David Benoit (Red Hat).", }, ], datePublic: "2024-09-30T20:53:42.833Z", descriptions: [ { lang: "en", value: "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-457", description: "Use of Uninitialized Variable", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-03T08:32:23.227Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:10133", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10133", }, { name: "RHSA-2024:7502", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:7502", }, { name: "RHSA-2024:7550", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:7550", }, { name: "RHSA-2024:8327", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8327", }, { name: "RHSA-2024:8678", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8678", }, { name: "RHSA-2024:8847", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8847", }, { name: "RHSA-2024:9551", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9551", }, { name: "RHSA-2025:2416", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2416", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-9355", }, { name: "RHBZ#2315719", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", }, ], timeline: [ { lang: "en", time: "2024-09-30T17:51:17.811000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-09-30T20:53:42.833000+00:00", value: "Made public.", }, ], title: "Golang-fips: golang fips zeroed buffer", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-457: Use of Uninitialized Variable", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-9355", datePublished: "2024-10-01T18:17:29.420Z", dateReserved: "2024-09-30T17:07:30.833Z", dateUpdated: "2025-04-03T08:32:23.227Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-1394
Vulnerability from cvelistv5
Published
2024-03-21 12:16
Modified
2025-03-25 17:00
Severity ?
EPSS score ?
Summary
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:1462 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1468 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1472 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1501 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1502 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1561 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1563 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1566 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1567 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1574 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1640 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1644 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1646 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1763 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1897 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2562 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2568 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2569 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2729 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2730 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2767 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3265 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3352 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4146 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4371 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4378 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4379 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4502 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4581 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4591 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4672 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4699 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4761 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4762 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4960 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:5258 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:5634 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:7262 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-1394 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2262921 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 | ||
| https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 | ||
| https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f | ||
| https://pkg.go.dev/vuln/GO-2024-2660 | ||
| https://vuln.go.dev/ID/GO-2024-2660.json |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 |
Unaffected: 0:1.4.5-1.el8ap < * cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-1394", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-21T18:21:05.099385Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-05T13:50:55.732Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T18:40:20.583Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:1462", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1462", }, { name: "RHSA-2024:1468", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1468", }, { name: "RHSA-2024:1472", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1472", }, { name: "RHSA-2024:1501", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1501", }, { name: "RHSA-2024:1502", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1502", }, { name: "RHSA-2024:1561", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1561", }, { name: "RHSA-2024:1563", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1563", }, { name: "RHSA-2024:1566", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1566", }, { name: "RHSA-2024:1567", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1567", }, { name: "RHSA-2024:1574", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1574", }, { name: "RHSA-2024:1640", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1640", }, { name: "RHSA-2024:1644", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1644", }, { name: "RHSA-2024:1646", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1646", }, { name: "RHSA-2024:1763", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1763", }, { name: "RHSA-2024:1897", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1897", }, { name: "RHSA-2024:2562", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2562", }, { name: "RHSA-2024:2568", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2568", }, { name: "RHSA-2024:2569", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2569", }, { name: "RHSA-2024:2729", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2729", }, { name: "RHSA-2024:2730", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2730", }, { name: "RHSA-2024:2767", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2767", }, { name: "RHSA-2024:3265", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3265", }, { name: "RHSA-2024:3352", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3352", }, { name: "RHSA-2024:4146", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4146", }, { name: "RHSA-2024:4371", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4371", }, { name: "RHSA-2024:4378", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4378", }, { name: "RHSA-2024:4379", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4379", }, { name: "RHSA-2024:4502", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4502", }, { name: "RHSA-2024:4581", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4581", }, { name: "RHSA-2024:4591", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4591", }, { name: "RHSA-2024:4672", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4672", }, { name: "RHSA-2024:4699", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4699", }, { name: "RHSA-2024:4761", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4761", }, { name: "RHSA-2024:4762", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4762", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2024-1394", }, { name: "RHBZ#2262921", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", }, { tags: [ "x_transferred", ], url: "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136", }, { tags: [ "x_transferred", ], url: "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6", }, { tags: [ "x_transferred", ], url: "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f", }, { tags: [ "x_transferred", ], url: "https://pkg.go.dev/vuln/GO-2024-2660", }, { tags: [ "x_transferred", ], url: "https://vuln.go.dev/ID/GO-2024-2660.json", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", ], defaultStatus: "affected", packageName: "receptor", product: "Red Hat Ansible Automation Platform 2.4 for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.4.5-1.el8ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", ], defaultStatus: "affected", packageName: "receptor", product: "Red Hat Ansible Automation Platform 2.4 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.4.5-1.el9ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:devtools:2023::el7", ], defaultStatus: "affected", packageName: "go-toolset-1.19-golang", product: "Red Hat Developer Tools", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.19.13-6.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "go-toolset:rhel8", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8090020240313170136.26eb71ac", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "grafana-pcp", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.1.1-2.el8_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "grafana", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:9.2.10-8.el8_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "grafana", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:9.2.10-16.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020240808093819.afee755d", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "osbuild-composer", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:101-2.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "golang", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.20.12-2.el9_3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "grafana", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:9.2.10-8.el9_3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "grafana-pcp", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.1.1-2.el9_3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "golang", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.21.9-2.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "grafana", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:9.2.10-16.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "grafana-pcp", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.1.1-2.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.33.7-3.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:4.9.4-5.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "gvisor-tap-vsock", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "6:0.7.3-4.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.14.3-3.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "containernetworking-plugins", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.4.0-4.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "runc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:1.1.12-3.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.2.0-4.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "containernetworking-plugins", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.0.1-6.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "golang", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.19.13-7.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.4.1-20.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.23.4-5.2.rhaos4.12.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9", ], defaultStatus: "affected", packageName: "butane", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:0.16.0-2.2.rhaos4.12.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9", ], defaultStatus: "affected", packageName: "containernetworking-plugins", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.4.0-1.1.rhaos4.12.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9", ], defaultStatus: "affected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.25.5-13.1.rhaos4.12.git76343da.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9", ], defaultStatus: "affected", packageName: "cri-tools", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.25.0-2.2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9", ], defaultStatus: "affected", packageName: "ignition", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.14.0-7.1.rhaos4.12.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9", ], defaultStatus: "affected", packageName: "openshift-clients", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.2.0-7.2.rhaos4.12.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9", ], defaultStatus: "affected", packageName: "runc", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:1.1.6-5.2.rhaos4.12.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.9.4-3.2.rhaos4.12.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.29.1-2.2.rhaos4.13.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9", ], defaultStatus: "affected", packageName: "containernetworking-plugins", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.4.0-1.1.rhaos4.13.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9", ], defaultStatus: "affected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.26.5-11.1.rhaos4.13.git919cc6e.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9", ], defaultStatus: "affected", packageName: "cri-tools", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.26.0-4.2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9", ], defaultStatus: "affected", packageName: "ignition", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.15.0-7.1.rhaos4.13.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9", ], defaultStatus: "affected", packageName: "openshift-clients", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-5.2.rhaos4.13.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9", ], defaultStatus: "affected", packageName: "runc", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:1.1.12-1.1.rhaos4.13.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.11.2-2.2.rhaos4.13.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "butane", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:0.19.0-1.3.rhaos4.14.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "containernetworking-plugins", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.4.0-1.2.rhaos4.14.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "cri-tools", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.27.0-3.1.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "ignition", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.16.2-2.1.rhaos4.14.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift-clients", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "ose-aws-ecr-image-credential-provider", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-11.3.rhaos4.14.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.11.2-10.3.rhaos4.14.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.29.1-10.4.rhaos4.14.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "butane", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:0.19.0-1.4.rhaos4.14.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "conmon", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:2.1.7-3.4.rhaos4.14.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "containernetworking-plugins", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.4.0-1.3.rhaos4.14.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.27.4-7.2.rhaos4.14.git082c52f.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "cri-tools", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.27.0-3.2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "ignition", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.16.2-2.2.rhaos4.14.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4-aws-iso", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.14.0-202404151639.p0.gd2acdd5.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift-ansible", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift-clients", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift-kuryr", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.14.0-202404151639.p0.g8926a29.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "ose-aws-ecr-image-credential-provider", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-11.4.rhaos4.14.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "runc", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:1.1.12-1.2.rhaos4.14.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.11.2-10.4.rhaos4.14.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "microshift", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "414.92.202407300859-0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.29.1-20.3.rhaos4.15.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "butane", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:0.20.0-1.1.rhaos4.15.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "containernetworking-plugins", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.4.0-1.2.rhaos4.15.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.28.4-8.rhaos4.15.git24f50b9.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "cri-tools", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.28.0-3.1.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "ignition", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.16.2-2.1.rhaos4.15.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift-clients", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "ose-aws-ecr-image-credential-provider", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-21.1.rhaos4.15.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "runc", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:1.1.12-1.1.rhaos4.15.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.11.2-21.2.rhaos4.15.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "microshift", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "415.92.202407191425-0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:16.2::el8", ], defaultStatus: "affected", packageName: "etcd", product: "Red Hat OpenStack Platform 16.2", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.3.23-16.el8ost", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:17.1::el8", ], defaultStatus: "affected", packageName: "collectd-sensubility", product: "Red Hat OpenStack Platform 17.1 for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:0.2.1-3.el8ost", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:17.1::el9", ], defaultStatus: "affected", packageName: "etcd", product: "Red Hat OpenStack Platform 17.1 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.4.26-8.el9ost", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:17.1::el9", ], defaultStatus: "affected", packageName: "collectd-sensubility", product: "Red Hat OpenStack Platform 17.1 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:0.2.1-3.el9ost", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift_data_foundation:4.16::el9", ], defaultStatus: "affected", packageName: "odf4/mcg-operator-bundle", product: "RHODF-4.16-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-137", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift_data_foundation:4.16::el9", ], defaultStatus: "affected", packageName: "odf4/mcg-rhel9-operator", product: "RHODF-4.16-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-38", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:network_bound_disk_encryption_tang:1", ], defaultStatus: "affected", packageName: "tang-operator-bundle-container", product: "NBDE Tang Server", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "helm", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "odo", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_pipelines:1", ], defaultStatus: "affected", packageName: "openshift-pipelines-client", product: "OpenShift Pipelines", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:serverless:1", ], defaultStatus: "affected", packageName: "openshift-serverless-clients", product: "OpenShift Serverless", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform", ], defaultStatus: "affected", packageName: "helm", product: "Red Hat Ansible Automation Platform 1.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform", ], defaultStatus: "affected", packageName: "openshift-clients", product: "Red Hat Ansible Automation Platform 1.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "openshift-clients", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:certifications:1::el8", ], defaultStatus: "affected", packageName: "redhat-certification-preflight", product: "Red Hat Certification for Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:certifications:1::el9", ], defaultStatus: "affected", packageName: "redhat-certification-preflight", product: "Red Hat Certification for Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "buildah", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "containernetworking-plugins", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "host-metering", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "podman", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "rhc-worker-script", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "skopeo", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "container-tools:4.0/buildah", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "container-tools:4.0/conmon", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "container-tools:4.0/containernetworking-plugins", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "container-tools:4.0/podman", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "container-tools:4.0/runc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "container-tools:4.0/skopeo", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "container-tools:4.0/toolbox", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "git-lfs", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "rhc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "weldr-client", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "butane", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "conmon", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "git-lfs", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "ignition", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "osbuild-composer", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "toolbox", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "weldr-client", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "conmon-rs", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "golang-github-prometheus-promu", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "lifecycle-agent-operator-bundle-container", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unknown", packageName: "openshift4/bare-metal-event-relay-operator-bundle", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "openshift4/numaresources-operator-bundle", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "openshift4/ose-cluster-machine-approver-rhel9", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_container_storage:4", ], defaultStatus: "unknown", packageName: "mcg", product: "Red Hat Openshift Container Storage 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_devspaces:3:", ], defaultStatus: "affected", packageName: "devspaces/machineexec-rhel8", product: "Red Hat OpenShift Dev Spaces", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_gitops:1", ], defaultStatus: "affected", packageName: "openshift-gitops-1/gitops-operator-bundle", product: "Red Hat OpenShift GitOps", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_service_on_aws:1", ], defaultStatus: "affected", packageName: "rosa", product: "Red Hat OpenShift on AWS", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "unaffected", packageName: "kubevirt", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:16.1", ], defaultStatus: "unknown", packageName: "etcd", product: "Red Hat OpenStack Platform 16.1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:16.1", ], defaultStatus: "affected", packageName: "golang-qpid-apache", product: "Red Hat OpenStack Platform 16.1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:16.1", ], defaultStatus: "unaffected", packageName: "qpid-proton", product: "Red Hat OpenStack Platform 16.1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:16.2", ], defaultStatus: "affected", packageName: "golang-github-infrawatch-apputils", product: "Red Hat OpenStack Platform 16.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:16.2", ], defaultStatus: "affected", packageName: "golang-qpid-apache", product: "Red Hat OpenStack Platform 16.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:16.2", ], defaultStatus: "unaffected", packageName: "qpid-proton", product: "Red Hat OpenStack Platform 16.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:17.1", ], defaultStatus: "affected", packageName: "golang-github-infrawatch-apputils", product: "Red Hat OpenStack Platform 17.1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:17.1", ], defaultStatus: "affected", packageName: "golang-qpid-apache", product: "Red Hat OpenStack Platform 17.1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:17.1", ], defaultStatus: "unaffected", packageName: "qpid-proton", product: "Red Hat OpenStack Platform 17.1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:18.0", ], defaultStatus: "affected", packageName: "etcd", product: "Red Hat OpenStack Platform 18.0", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_interconnect:1", ], defaultStatus: "affected", packageName: "qpid-proton", product: "Red Hat Service Interconnect 1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_interconnect:1", ], defaultStatus: "affected", packageName: "skupper-cli", product: "Red Hat Service Interconnect 1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_interconnect:1", ], defaultStatus: "affected", packageName: "skupper-router", product: "Red Hat Service Interconnect 1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3", ], defaultStatus: "unaffected", packageName: "rh-git227-git-lfs", product: "Red Hat Software Collections", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:storage:3", ], defaultStatus: "unknown", packageName: "heketi", product: "Red Hat Storage 3", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank @qmuntal and @r3kumar for reporting this issue.", }, ], datePublic: "2024-03-20T00:00:00.000Z", descriptions: [ { lang: "en", value: "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "Missing Release of Memory after Effective Lifetime", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T17:00:13.700Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:1462", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1462", }, { name: "RHSA-2024:1468", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1468", }, { name: "RHSA-2024:1472", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1472", }, { name: "RHSA-2024:1501", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1501", }, { name: "RHSA-2024:1502", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1502", }, { name: "RHSA-2024:1561", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1561", }, { name: "RHSA-2024:1563", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1563", }, { name: "RHSA-2024:1566", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1566", }, { name: "RHSA-2024:1567", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1567", }, { name: "RHSA-2024:1574", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1574", }, { name: "RHSA-2024:1640", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1640", }, { name: "RHSA-2024:1644", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1644", }, { name: "RHSA-2024:1646", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1646", }, { name: "RHSA-2024:1763", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1763", }, { name: "RHSA-2024:1897", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1897", }, { name: "RHSA-2024:2562", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2562", }, { name: "RHSA-2024:2568", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2568", }, { name: "RHSA-2024:2569", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2569", }, { name: "RHSA-2024:2729", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2729", }, { name: "RHSA-2024:2730", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2730", }, { name: "RHSA-2024:2767", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2767", }, { name: "RHSA-2024:3265", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3265", }, { name: "RHSA-2024:3352", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3352", }, { name: "RHSA-2024:4146", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4146", }, { name: "RHSA-2024:4371", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4371", }, { name: "RHSA-2024:4378", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4378", }, { name: "RHSA-2024:4379", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4379", }, { name: "RHSA-2024:4502", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4502", }, { name: "RHSA-2024:4581", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4581", }, { name: "RHSA-2024:4591", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4591", }, { name: "RHSA-2024:4672", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4672", }, { name: "RHSA-2024:4699", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4699", }, { name: "RHSA-2024:4761", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4761", }, { name: "RHSA-2024:4762", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4762", }, { name: "RHSA-2024:4960", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4960", }, { name: "RHSA-2024:5258", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:5258", }, { name: "RHSA-2024:5634", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:5634", }, { name: "RHSA-2024:7262", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:7262", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-1394", }, { name: "RHBZ#2262921", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", }, { url: "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136", }, { url: "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6", }, { url: "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f", }, { url: "https://pkg.go.dev/vuln/GO-2024-2660", }, { url: "https://vuln.go.dev/ID/GO-2024-2660.json", }, ], timeline: [ { lang: "en", time: "2024-02-06T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-03-20T00:00:00+00:00", value: "Made public.", }, ], title: "Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-401: Missing Release of Memory after Effective Lifetime", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-1394", datePublished: "2024-03-21T12:16:38.790Z", dateReserved: "2024-02-09T06:02:35.056Z", dateUpdated: "2025-03-25T17:00:13.700Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-9620
Vulnerability from cvelistv5
Published
2024-10-08 16:25
Modified
2025-02-12 16:34
Severity ?
EPSS score ?
Summary
A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-9620 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2317129 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ |
||||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-9620", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:42:34.191580Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:43:09.701Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/ansible/ansible", defaultStatus: "affected", packageName: "event-driven-automation", versions: [ { lessThan: "2.4", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "event_driven", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "This issue was discovered by Enzo Ferreira (Red Hat).", }, ], datePublic: "2024-10-08T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-319", description: "Cleartext Transmission of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-12T16:34:19.375Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-9620", }, { name: "RHBZ#2317129", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2317129", }, ], timeline: [ { lang: "en", time: "2024-10-08T00:49:58.428000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-10-08T00:00:00+00:00", value: "Made public.", }, ], title: "Event-driven automation in ansible automation platform (aap): ansible event-driven automation (eda) lacks encryption", x_redhatCweChain: "CWE-319: Cleartext Transmission of Sensitive Information", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-9620", datePublished: "2024-10-08T16:25:39.944Z", dateReserved: "2024-10-08T00:58:15.815Z", dateUpdated: "2025-02-12T16:34:19.375Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-9979
Vulnerability from cvelistv5
Published
2024-10-15 14:01
Modified
2025-01-09 17:27
Severity ?
EPSS score ?
Summary
A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-9979 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2318646 | issue-tracking, x_refsource_REDHAT | |
| https://crates.io/crates/pyo3 | ||
| https://github.com/PyO3/pyo3/pull/4590 | ||
| https://rustsec.org/advisories/RUSTSEC-2024-0378.html |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0.22.0 ≤ |
|||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-9979", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T14:19:04.359472Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-09T17:27:23.921Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/PyO3/pyo3", defaultStatus: "unaffected", packageName: "pyo3", versions: [ { lessThan: "0.22.4", status: "affected", version: "0.22.0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "unaffected", packageName: "python3.11-nh3", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "unaffected", packageName: "python3.11-rpds-py", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "python3.11-cryptography", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "python3.12-cryptography", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "python3.11-cryptography", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "python3.12-cryptography", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, ], datePublic: "2024-10-12T12:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-12T10:01:49.875Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-9979", }, { name: "RHBZ#2318646", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318646", }, { url: "https://crates.io/crates/pyo3", }, { url: "https://github.com/PyO3/pyo3/pull/4590", }, { url: "https://rustsec.org/advisories/RUSTSEC-2024-0378.html", }, ], timeline: [ { lang: "en", time: "2024-10-14T21:01:23.698016+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-10-12T12:00:00+00:00", value: "Made public.", }, ], title: "Pyo3: risk of use-after-free in `borrowed` reads from python weak references", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-416: Use After Free", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-9979", datePublished: "2024-10-15T14:01:54.309Z", dateReserved: "2024-10-15T06:47:28.744Z", dateUpdated: "2025-01-09T17:27:23.921Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11831
Vulnerability from cvelistv5
Published
2025-02-10 15:27
Modified
2025-04-24 22:00
Severity ?
EPSS score ?
Summary
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHBA-2025:0304 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:1334 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:1468 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-11831 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2312579 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e | ||
| https://github.com/yahoo/serialize-javascript/pull/173 |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 6.0 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-11831", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-10T17:08:31.160473Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-10T17:08:44.112Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/yahoo/serialize-javascript", packageName: "serialize-javascript", versions: [ { lessThan: "6.0.2", status: "affected", version: "6.0", versionType: "semver", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.8-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.6-2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "dotnet8.0", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:8.0.112-1.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:cryostat:3", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Cryostat 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:logging:5", ], defaultStatus: "affected", packageName: "openshift-logging/kibana6-rhel8", product: "Logging Subsystem for Red Hat OpenShift", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:migration_toolkit_virtualization:2", ], defaultStatus: "unaffected", packageName: "migration-toolkit-virtualization/mtv-console-plugin-rhel9", product: "Migration Toolkit for Virtualization", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_dotnet:6.0", ], defaultStatus: "affected", packageName: "rh-dotnet60-dotnet", product: ".NET 6.0 on Red Hat Enterprise Linux", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_lightspeed", ], defaultStatus: "affected", packageName: "openshift-lightspeed-beta/lightspeed-console-plugin-rhel9", product: "OpenShift Lightspeed", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_pipelines:1", ], defaultStatus: "affected", packageName: "openshift-pipelines/pipelines-console-plugin-rhel8", product: "OpenShift Pipelines", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_pipelines:1", ], defaultStatus: "affected", packageName: "openshift-pipelines/pipelines-hub-api-rhel8", product: "OpenShift Pipelines", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_pipelines:1", ], defaultStatus: "affected", packageName: "openshift-pipelines/pipelines-hub-db-migration-rhel8", product: "OpenShift Pipelines", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_pipelines:1", ], defaultStatus: "affected", packageName: "openshift-pipelines/pipelines-hub-ui-rhel8", product: "OpenShift Pipelines", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:serverless:1", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "OpenShift Serverless", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_mesh:2", ], defaultStatus: "affected", packageName: "openshift-service-mesh/kiali-ossmc-rhel8", product: "OpenShift Service Mesh 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_mesh:2", ], defaultStatus: "affected", packageName: "openshift-service-mesh/kiali-rhel8", product: "OpenShift Service Mesh 2", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:red_hat_3scale_amp:2", ], defaultStatus: "affected", packageName: "3scale-amp-system-container", product: "Red Hat 3scale API Management Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "unaffected", packageName: "rhacm2/console-rhel8", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4", ], defaultStatus: "unaffected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "Red Hat Advanced Cluster Security 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4", ], defaultStatus: "unaffected", packageName: "advanced-cluster-security/rhacs-rhel8-operator", product: "Red Hat Advanced Cluster Security 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4", ], defaultStatus: "unaffected", packageName: "advanced-cluster-security/rhacs-roxctl-rhel8", product: "Red Hat Advanced Cluster Security 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4", ], defaultStatus: "unaffected", packageName: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", product: "Red Hat Advanced Cluster Security 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4", ], defaultStatus: "unaffected", packageName: "advanced-cluster-security/rhacs-scanner-v4-rhel8", product: "Red Hat Advanced Cluster Security 4", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "aap-cloud-ui-container", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "ansible-automation-platform-24/lightspeed-rhel8", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "unaffected", packageName: "automation-controller", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "automation-eda-controller", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhboac_hawtio:4", ], defaultStatus: "unaffected", packageName: "serialize-javascript", product: "Red Hat build of Apache Camel - HawtIO 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_registry:2", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Red Hat build of Apicurio Registry 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:optaplanner:::el6", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Red Hat build of OptaPlanner 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_data_grid:8", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Red Hat Data Grid 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhdh:1", ], defaultStatus: "unaffected", packageName: "rhdh/rhdh-hub-rhel9", product: "Red Hat Developer Hub", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:discovery:1", ], defaultStatus: "affected", packageName: "discovery-server-container", product: "Red Hat Discovery", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "dotnet6.0", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "dotnet8.0", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "grafana", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "pcs", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "dotnet6.0", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "dotnet7.0", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "pcs", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_fuse:7", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Red Hat Fuse 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:integration:1", ], defaultStatus: "unaffected", packageName: "serialize-javascript", product: "Red Hat Integration Camel K 1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_application_platform:7", ], defaultStatus: "unaffected", packageName: "serialize-javascript", product: "Red Hat JBoss Enterprise Application Platform 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_application_platform:8", ], defaultStatus: "unaffected", packageName: "serialize-javascript", product: "Red Hat JBoss Enterprise Application Platform 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jbosseapxp", ], defaultStatus: "unaffected", packageName: "serialize-javascript", product: "Red Hat JBoss Enterprise Application Platform Expansion Pack", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "unaffected", packageName: "odh-dashboard-container", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-dashboard-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-data-science-pipelines-argo-argoexec-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-data-science-pipelines-argo-workflowcontroller-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-kf-notebook-controller-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-ml-pipelines-api-server-v2-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-ml-pipelines-driver-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-ml-pipelines-launcher-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-ml-pipelines-persistenceagent-v2-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-ml-pipelines-scheduledworkflow-v2-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-model-registry-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "unaffected", packageName: "odh-notebook-controller-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "unaffected", packageName: "odh-operator-container", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:3.11", ], defaultStatus: "affected", packageName: "openshift3/ose-console", product: "Red Hat OpenShift Container Platform 3.11", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "openshift4/ose-monitoring-plugin-rhel9", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_data_foundation:4", ], defaultStatus: "affected", packageName: "odf4/ocs-client-console-rhel9", product: "Red Hat Openshift Data Foundation 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_data_foundation:4", ], defaultStatus: "affected", packageName: "odf4/odf-console-rhel9", product: "Red Hat Openshift Data Foundation 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_data_foundation:4", ], defaultStatus: "affected", packageName: "odf4/odf-multicluster-console-rhel8", product: "Red Hat Openshift Data Foundation 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_devspaces:3:", ], defaultStatus: "affected", packageName: "devspaces/code-rhel8", product: "Red Hat OpenShift Dev Spaces", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_devspaces:3:", ], defaultStatus: "affected", packageName: "devspaces/dashboard-rhel8", product: "Red Hat OpenShift Dev Spaces", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_devspaces:3:", ], defaultStatus: "affected", packageName: "devspaces/traefik-rhel8", product: "Red Hat OpenShift Dev Spaces", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_distributed_tracing:3", ], defaultStatus: "unaffected", packageName: "rhosdt/jaeger-agent-rhel8", product: "Red Hat OpenShift distributed tracing 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_distributed_tracing:3", ], defaultStatus: "affected", packageName: "rhosdt/jaeger-all-in-one-rhel8", product: "Red Hat OpenShift distributed tracing 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_distributed_tracing:3", ], defaultStatus: "unaffected", packageName: "rhosdt/jaeger-collector-rhel8", product: "Red Hat OpenShift distributed tracing 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_distributed_tracing:3", ], defaultStatus: "unaffected", packageName: "rhosdt/jaeger-es-index-cleaner-rhel8", product: "Red Hat OpenShift distributed tracing 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_distributed_tracing:3", ], defaultStatus: "unaffected", packageName: "rhosdt/jaeger-es-rollover-rhel8", product: "Red Hat OpenShift distributed tracing 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_distributed_tracing:3", ], defaultStatus: "unaffected", packageName: "rhosdt/jaeger-ingester-rhel8", product: "Red Hat OpenShift distributed tracing 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_distributed_tracing:3", ], defaultStatus: "affected", packageName: "rhosdt/jaeger-query-rhel8", product: "Red Hat OpenShift distributed tracing 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Red Hat Process Automation 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:quay:3", ], defaultStatus: "affected", packageName: "quay/quay-rhel8", product: "Red Hat Quay 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "unaffected", packageName: "nodejs-compression-webpack-plugin", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "unaffected", packageName: "nodejs-webpack", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:red_hat_single_sign_on:7", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Red Hat Single Sign-On 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:trusted_profile_analyzer:1", ], defaultStatus: "affected", packageName: "rhtpa/rhtpa-trustification-service-rhel9", product: "Red Hat Trusted Profile Analyzer", vendor: "Red Hat", }, ], datePublic: "2024-09-16T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-24T22:00:29.848Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHBA-2025:0304", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2025:0304", }, { name: "RHSA-2025:1334", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1334", }, { name: "RHSA-2025:1468", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1468", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-11831", }, { name: "RHBZ#2312579", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312579", }, { url: "https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e", }, { url: "https://github.com/yahoo/serialize-javascript/pull/173", }, ], timeline: [ { lang: "en", time: "2024-09-16T16:43:32.021000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-09-16T00:00:00+00:00", value: "Made public.", }, ], title: "Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-11831", datePublished: "2025-02-10T15:27:46.732Z", dateReserved: "2024-11-26T18:56:38.187Z", dateUpdated: "2025-04-24T22:00:29.848Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-3576
Vulnerability from cvelistv5
Published
2025-04-15 05:55
Modified
2025-04-17 08:19
Severity ?
EPSS score ?
Summary
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2025-3576 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2359465 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-3576", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-15T13:11:53.062910Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-15T13:12:04.778Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "aap-cloud-metrics-collector-container", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "ansible-automation-platform-24/ee-minimal-rhel9", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "ansible-automation-platform-24/ee-supported-rhel8", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "ansible-automation-platform-24/platform-resource-runner-rhel8", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "ansible-automation-platform-25/ansible-builder-rhel8", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "krb5", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "krb5", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "krb5", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "krb5", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, ], datePublic: "2025-04-15T00:00:00.000Z", descriptions: [ { lang: "en", value: "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-328", description: "Use of Weak Hash", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-17T08:19:55.773Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-3576", }, { name: "RHBZ#2359465", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", }, ], timeline: [ { lang: "en", time: "2025-04-14T11:00:53.484000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-04-15T00:00:00+00:00", value: "Made public.", }, ], title: "Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-328: Use of Weak Hash", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-3576", datePublished: "2025-04-15T05:55:26.732Z", dateReserved: "2025-04-14T09:53:43.906Z", dateUpdated: "2025-04-17T08:19:55.773Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3727
Vulnerability from cvelistv5
Published
2024-05-09 14:57
Modified
2025-04-29 13:17
Severity ?
EPSS score ?
Summary
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:0045 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3718 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4159 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4613 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4850 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4960 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:5258 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:5951 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6054 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6122 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6708 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6818 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6824 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:7164 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:7174 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:7182 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:7187 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:7922 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:7941 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:8260 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:8425 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9097 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9098 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9102 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9960 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-3727 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2274767 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ Version: 5.30.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-3727", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-13T17:59:41.318223Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:33:13.046Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:20:01.029Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:0045", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0045", }, { name: "RHSA-2024:4159", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4159", }, { name: "RHSA-2024:4613", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4613", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2024-3727", }, { name: "RHBZ#2274767", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/containers/image", defaultStatus: "unaffected", packageName: "image", versions: [ { lessThan: "5.29.3", status: "affected", version: "0", versionType: "semver", }, { lessThan: "5.30.1", status: "affected", version: "5.30.0", versionType: "semver", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift_api_data_protection:1.3::el9", ], defaultStatus: "affected", packageName: "oadp/oadp-velero-plugin-rhel9", product: "OADP-1.3-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1.3.4-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-collector-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-collector-slim-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-4", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-operator-bundle", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-3", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-rhel8-operator", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-roxctl-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-3", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-slim-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-3", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-v4-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-3", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-collector-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-collector-slim-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-operator-bundle", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-rhel8-operator", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-roxctl-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-slim-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-1", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-v4-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020240808093819.afee755d", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.37.2-1.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.16.1-1.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:5.2.2-1.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:rhmt:1.8::el8", ], defaultStatus: "affected", packageName: "rhmtc/openshift-migration-controller-rhel8", product: "Red Hat Migration Toolkit for Containers 1.8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v1.8.4-22", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift_ironic:4.13::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-13.rhaos4.13.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift_ironic:4.13::el9", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.11.3-3.rhaos4.13.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-lifecycle-manager", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift_ironic:4.14::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-19.rhaos4.14.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift_ironic:4.14::el9", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.11.3-3.rhaos4.14.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/network-tools-rhel8", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409172305.p0.g17536c8.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-api-server-rhel8", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409171307.p0.ged4651a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-node-agent-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409161436.p0.g1f44c02.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-alibaba-machine-controllers-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409120135.p0.gf7f5eed.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-apiserver-network-proxy-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409131835.p0.gadccbd5.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-autoscaler-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409120135.p0.g8425d88.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-control-plane-machine-set-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409130735.p0.gc03231f.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-ingress-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409131635.p0.gb73e37f.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-network-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409161836.p0.g092d15b.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-node-tuning-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409180105.p0.g1fdd5b0.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-console", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409180905.p0.gf6f61ca.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409171307.p0.g160e7ca.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-hypershift-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409131635.p0.gb7c1d6a.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-insights-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409111636.p0.gf0c44f6.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-machine-api-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409120135.p0.g3ab953d.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-multus-admission-controller-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409111636.p0.g9ea52de.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-multus-whereabouts-ipam-cni-rhel8", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409111636.p0.gd80fe46.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-nutanix-machine-controllers-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409120135.p0.g8de6f94.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-openshift-controller-manager-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409171307.p0.g5d529dd.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-lifecycle-manager-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-registry-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ovn-kubernetes-microshift-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ovn-kubernetes-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-powervs-cloud-controller-manager-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409130536.p0.g1d6a7ed.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-powervs-machine-controllers-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409161436.p0.g4121cfc.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-sdn-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409120135.p0.g71a6f28.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-tests", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409180705.p0.g95ee44e.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-tools-rhel8", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409161234.p0.g4e8d689.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "415.92.202409162258-0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift_ironic:4.15::el9", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-30.rhaos4.15.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift_ironic:4.15::el9", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.11.3-4.rhaos4.15.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-node-agent-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202410230304.p0.g366295f.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-orchestrator-rhel8", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-lifecycle-manager-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift_ironic:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:4.9.4-5.1.rhaos4.16.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift_ironic:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.14.4-1.rhaos4.16.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", ], defaultStatus: "affected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.29.5-7.rhaos4.16.git7db4ada.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-lifecycle-manager-rhel9", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-202407171536.p0.g1551101.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-machine-config-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-orchestrator-rhel9", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-202409231504.p0.g342902b.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-node-agent-rhel9", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-machine-config-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-olm-operator-controller-rhel9", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-lifecycle-manager-rhel9", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-registry-rhel9", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-orchestrator-rhel9", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "openshift4/oc-mirror-plugin-rhel9", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.18.0-202502100934.p0.gc00c7c9.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-api-server-rhel9", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.18.0-202502040032.p0.ge5a4005.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-node-agent-rhel9", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.18.0-202502041302.p0.g51a74ac.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-orchestrator-rhel9", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.18.0-202501230001.p0.g5348c85.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-machine-config-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.18.0-202502100153.p0.g120ba67.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-openshift-apiserver-rhel9", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.18.0-202502060238.p0.g73d65db.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4.15::el9", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-controller-rhel9", product: "RHEL-9-CNV-4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.5-7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:multicluster_engine", ], defaultStatus: "unaffected", packageName: "multicluster-engine/agent-service-rhel8", product: "Multicluster Engine for Kubernetes", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:multicluster_engine", ], defaultStatus: "unaffected", packageName: "multicluster-engine/assisted-installer-agent-rhel8", product: "Multicluster Engine for Kubernetes", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:multicluster_engine", ], defaultStatus: "unaffected", packageName: "multicluster-engine/assisted-installer-reporter-rhel8", product: "Multicluster Engine for Kubernetes", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:multicluster_engine", ], defaultStatus: "unaffected", packageName: "multicluster-engine/assisted-installer-rhel8", product: "Multicluster Engine for Kubernetes", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:multicluster_engine", ], defaultStatus: "unaffected", packageName: "multicluster-engine/hive-rhel8", product: "Multicluster Engine for Kubernetes", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "ocp-tools-4/jenkins-agent-base-rhel8", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "ocp-tools-4/jenkins-rhel8", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:serverless:1", ], defaultStatus: "affected", packageName: "openshift-serverless-1/client-kn-rhel8", product: "OpenShift Serverless", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:serverless:1", ], defaultStatus: "affected", packageName: "openshift-serverless-clients", product: "OpenShift Serverless", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:source_to_image:1", ], defaultStatus: "affected", packageName: "source-to-image-container", product: "OpenShift Source-to-Image (S2I)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "unaffected", packageName: "rhacm2/submariner-rhel8-operator", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-rhel8-operator", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-roxctl-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "unaffected", packageName: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-slim-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform", ], defaultStatus: "unaffected", packageName: "openshift-clients", product: "Red Hat Ansible Automation Platform 1.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "unaffected", packageName: "openshift-clients", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "buildah", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "podman", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "skopeo", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "container-tools:4.0/buildah", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "container-tools:4.0/conmon", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "container-tools:4.0/containers-common", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "container-tools:4.0/podman", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "container-tools:4.0/skopeo", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "osbuild-composer", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "conmon", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "containers-common", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "osbuild-composer", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:3.11", ], defaultStatus: "unknown", packageName: "atomic-openshift", product: "Red Hat OpenShift Container Platform 3.11", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:3.11", ], defaultStatus: "unknown", packageName: "podman", product: "Red Hat OpenShift Container Platform 3.11", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "conmon", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "containers-common", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-csr-approver-rhel8", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "openshift4/ose-baremetal-installer-rhel8", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-cli", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-cli-artifacts", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-deployer", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-installer", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "openshift4/ose-installer-altinfra-rhel8", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "openshift4/ose-installer-artifacts", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-olm-rukpak-rhel8", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "openshift4/ose-openshift-proxy-pull-test-rhel8", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift-clients", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "ose-installer-terraform-providers-container", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:assisted_installer:", ], defaultStatus: "affected", packageName: "rhai-tech-preview/assisted-installer-agent-rhel8", product: "Red Hat OpenShift Container Platform Assisted Installer", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:assisted_installer:", ], defaultStatus: "affected", packageName: "rhai-tech-preview/assisted-installer-reporter-rhel8", product: "Red Hat OpenShift Container Platform Assisted Installer", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:assisted_installer:", ], defaultStatus: "affected", packageName: "rhai-tech-preview/assisted-installer-rhel8", product: "Red Hat OpenShift Container Platform Assisted Installer", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_devspaces:3:", ], defaultStatus: "affected", packageName: "devspaces/udi-rhel8", product: "Red Hat OpenShift Dev Spaces", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_sandboxed_containers:1", ], defaultStatus: "affected", packageName: "openshift-sandboxed-containers/osc-must-gather-rhel8", product: "Red Hat Openshift Sandboxed Containers", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_sandboxed_containers:1", ], defaultStatus: "affected", packageName: "openshift-sandboxed-containers/osc-rhel8-operator", product: "Red Hat Openshift Sandboxed Containers", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-apiserver", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-apiserver-rhel9", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-cloner", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-cloner-rhel9", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-controller", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-importer", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-importer-rhel9", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-operator", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-operator-rhel9", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-uploadproxy", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-uploadproxy-rhel9", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-uploadserver", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-uploadserver-rhel9", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openstack:16.2", ], defaultStatus: "affected", packageName: "osp-director-provisioner-container", product: "Red Hat OpenStack Platform 16.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:quay:3", ], defaultStatus: "unaffected", packageName: "quay/quay-builder-rhel8", product: "Red Hat Quay 3", vendor: "Red Hat", }, ], datePublic: "2024-05-09T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-354", description: "Improper Validation of Integrity Check Value", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-29T13:17:40.573Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:0045", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0045", }, { name: "RHSA-2024:3718", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3718", }, { name: "RHSA-2024:4159", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4159", }, { name: "RHSA-2024:4613", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4613", }, { name: "RHSA-2024:4850", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4850", }, { name: "RHSA-2024:4960", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4960", }, { name: "RHSA-2024:5258", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:5258", }, { name: "RHSA-2024:5951", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:5951", }, { name: "RHSA-2024:6054", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6054", }, { name: "RHSA-2024:6122", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6122", }, { name: "RHSA-2024:6708", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6708", }, { name: "RHSA-2024:6818", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6818", }, { name: "RHSA-2024:6824", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6824", }, { name: "RHSA-2024:7164", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { name: "RHSA-2024:7174", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:7174", }, { name: "RHSA-2024:7182", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:7182", }, { name: "RHSA-2024:7187", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:7187", }, { name: "RHSA-2024:7922", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:7922", }, { name: "RHSA-2024:7941", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:7941", }, { name: "RHSA-2024:8260", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8260", }, { name: "RHSA-2024:8425", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8425", }, { name: "RHSA-2024:9097", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9097", }, { name: "RHSA-2024:9098", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9098", }, { name: "RHSA-2024:9102", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9102", }, { name: "RHSA-2024:9960", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9960", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-3727", }, { name: "RHBZ#2274767", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", }, ], timeline: [ { lang: "en", time: "2024-04-12T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-05-09T00:00:00+00:00", value: "Made public.", }, ], title: "Containers/image: digest type does not guarantee valid type", x_redhatCweChain: "CWE-354: Improper Validation of Integrity Check Value", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-3727", datePublished: "2024-05-09T14:57:21.327Z", dateReserved: "2024-04-12T17:56:37.261Z", dateUpdated: "2025-04-29T13:17:40.573Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6681
Vulnerability from cvelistv5
Published
2024-02-12 14:04
Modified
2024-11-24 15:46
Severity ?
EPSS score ?
Summary
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:3267 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9281 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-6681 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2260843 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 8100020240417004735.143e9e98 < * cpe:/a:redhat:enterprise_linux:8::appstream |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-6681", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-12T21:27:57.752185Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:21:42.932Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T08:35:14.893Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:3267", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3267", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-6681", }, { name: "RHBZ#2260843", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260843", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "idm:client", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020240417004735.143e9e98", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "idm:DL1", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020240416171943.823393f5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "python-jwcrypto", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.5.6-2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "unaffected", packageName: "automation-controller", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "python-jwcrypto", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, ], datePublic: "2023-12-28T00:00:00+00:00", descriptions: [ { lang: "en", value: "A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-24T15:46:23.381Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:3267", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3267", }, { name: "RHSA-2024:9281", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9281", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-6681", }, { name: "RHBZ#2260843", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260843", }, ], timeline: [ { lang: "en", time: "2024-01-29T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-12-28T00:00:00+00:00", value: "Made public.", }, ], title: "Jwcrypto: denail of service via specifically crafted jwe", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-400: Uncontrolled Resource Consumption", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-6681", datePublished: "2024-02-12T14:04:45.113Z", dateReserved: "2023-12-11T12:45:07.051Z", dateUpdated: "2024-11-24T15:46:23.381Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11483
Vulnerability from cvelistv5
Published
2024-11-25 03:54
Modified
2025-04-02 06:03
Severity ?
EPSS score ?
Summary
A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:11145 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-11483 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2327579 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/ansible/django-ansible-base/commit/845b3e1838cc0762a7f9f3e0379c5274519d9a44 |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ v2024.10.17 |
|||||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-11483", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-25T17:15:47.886009Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-25T17:15:57.221Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/ansible/django-ansible-base", defaultStatus: "unaffected", packageName: "django-ansible-base", versions: [ { lessThanOrEqual: "v2024.10.17", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", ], defaultStatus: "affected", packageName: "automation-gateway", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.5.20241218-1.el8ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", ], defaultStatus: "affected", packageName: "automation-gateway", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.5.20241218-1.el9ap", versionType: "rpm", }, ], }, ], credits: [ { lang: "en", value: "Red Hat would like to thank David Newswanger (RedHat) and Rick Elrod (RedHat) for reporting this issue.", }, ], datePublic: "2024-11-20T00:00:00.000Z", descriptions: [ { lang: "en", value: "A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T06:03:20.689Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:11145", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:11145", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-11483", }, { name: "RHBZ#2327579", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2327579", }, { url: "https://github.com/ansible/django-ansible-base/commit/845b3e1838cc0762a7f9f3e0379c5274519d9a44", }, ], timeline: [ { lang: "en", time: "2024-11-20T08:03:10.145000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-11-20T00:00:00+00:00", value: "Made public.", }, ], title: "Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5", x_redhatCweChain: "CWE-284: Improper Access Control", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-11483", datePublished: "2024-11-25T03:54:34.342Z", dateReserved: "2024-11-20T08:09:27.275Z", dateUpdated: "2025-04-02T06:03:20.689Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-2877
Vulnerability from cvelistv5
Published
2025-03-28 14:05
Modified
2025-04-07 16:11
Severity ?
EPSS score ?
Summary
A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2025:3636 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:3637 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2025-2877 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2355540 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 |
Unaffected: 0:1.0.8-2.el8ap < * cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform:2.4::el9 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-2877", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-28T14:31:03.979042Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-28T14:31:12.023Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", ], defaultStatus: "affected", packageName: "ansible-rulebook", product: "Red Hat Ansible Automation Platform 2.4 for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.0.8-2.el8ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", ], defaultStatus: "affected", packageName: "ansible-rulebook", product: "Red Hat Ansible Automation Platform 2.4 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.0.8-2.el9ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", ], defaultStatus: "affected", packageName: "ansible-rulebook", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.1.4-2.el8ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", ], defaultStatus: "affected", packageName: "ansible-rulebook", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.1.4-2.el9ap", versionType: "rpm", }, ], }, ], datePublic: "2025-03-25T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to \"debug\", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any \"debug\" action in a rulebook and also affects Event Streams.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1295", description: "Debug Messages Revealing Unnecessary Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-07T16:11:50.438Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:3636", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:3636", }, { name: "RHSA-2025:3637", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:3637", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-2877", }, { name: "RHBZ#2355540", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2355540", }, ], timeline: [ { lang: "en", time: "2025-03-27T16:59:44.171000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-03-25T00:00:00+00:00", value: "Made public.", }, ], title: "Event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in eda", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-1295: Debug Messages Revealing Unnecessary Information", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-2877", datePublished: "2025-03-28T14:05:18.308Z", dateReserved: "2025-03-27T17:06:26.480Z", dateUpdated: "2025-04-07T16:11:50.438Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11079
Vulnerability from cvelistv5
Published
2024-11-11 23:32
Modified
2025-03-14 11:37
Severity ?
EPSS score ?
Summary
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:10770 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:11145 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-11079 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2325171 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ 2.18.0 |
||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-11079", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T14:41:52.352926Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T14:42:14.546Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/ansible/ansible", defaultStatus: "unaffected", packageName: "ansible-core", versions: [ { lessThanOrEqual: "2.18.0", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el8", "cpe:/a:redhat:ansible_automation_platform:ee::el9", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ansible-builder-rhel8", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1.2.0-93", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el8", "cpe:/a:redhat:ansible_automation_platform:ee::el9", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ansible-builder-rhel9", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.0.1-108", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el8", "cpe:/a:redhat:ansible_automation_platform:ee::el9", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ee-29-rhel8", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2.9.27-34", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el8", "cpe:/a:redhat:ansible_automation_platform:ee::el9", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ee-minimal-rhel8", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2.14.13-23", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el8", "cpe:/a:redhat:ansible_automation_platform:ee::el9", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ee-minimal-rhel9", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2.15.13-4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", ], defaultStatus: "affected", packageName: "ansible-core", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.16.14-1.el8ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", ], defaultStatus: "affected", packageName: "ansible-core", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.16.14-1.el9ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux_ai:1", ], defaultStatus: "affected", packageName: "rhelai1/bootc-azure-nvidia-rhel9", product: "Red Hat Enterprise Linux AI (RHEL AI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux_ai:1", ], defaultStatus: "affected", packageName: "rhelai1/bootc-nvidia-rhel9", product: "Red Hat Enterprise Linux AI (RHEL AI)", vendor: "Red Hat", }, ], datePublic: "2024-11-11T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-14T11:37:35.688Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:10770", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10770", }, { name: "RHSA-2024:11145", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:11145", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-11079", }, { name: "RHBZ#2325171", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2325171", }, ], timeline: [ { lang: "en", time: "2024-11-11T11:43:42.603000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-11-11T00:00:00+00:00", value: "Made public.", }, ], title: "Ansible-core: unsafe tagging bypass via hostvars object in ansible-core", workarounds: [ { lang: "en", value: "To mitigate this vulnerability, avoid using the hostvars object to reference content marked as !unsafe. Ensure that all remote data from modules or lookups is properly sanitized and validated before use in playbooks. Additionally, restrict access to inventory files and Ansible playbooks to trusted users to minimize exploitation risks.", }, ], x_redhatCweChain: "CWE-20: Improper Input Validation", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-11079", datePublished: "2024-11-11T23:32:55.539Z", dateReserved: "2024-11-11T11:57:21.806Z", dateUpdated: "2025-03-14T11:37:35.688Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3205
Vulnerability from cvelistv5
Published
2022-09-13 19:19
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-3205 | vdb-entry, x_redhatRef | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2120597 | issue-tracking, x_redhatRef |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Ansible Automation Platform 1.2 |
cpe:/a:redhat:ansible_automation_platform |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:00:10.844Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "x_redhatRef", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2022-3205", }, { name: "RHBZ#2120597", tags: [ "issue-tracking", "x_redhatRef", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2120597", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform", ], defaultStatus: "affected", packageName: "ansible-tower", product: "Red Hat Ansible Automation Platform 1.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "automation-controller", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "This issue was discovered by Oleg Sushchenko (Red Hat).", }, ], datePublic: "2022-08-23T11:20:00+00:00", descriptions: [ { lang: "en", value: "Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T17:53:01.922Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "vdb-entry", "x_redhatRef", ], url: "https://access.redhat.com/security/cve/CVE-2022-3205", }, { name: "RHBZ#2120597", tags: [ "issue-tracking", "x_redhatRef", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2120597", }, ], timeline: [ { lang: "en", time: "2022-08-23T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2022-08-23T11:20:00+00:00", value: "Made public.", }, ], title: "Controller: cross site scripting in automation controller ui", x_redhatCweChain: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-3205", datePublished: "2022-09-13T19:19:46", dateReserved: "2022-09-13T00:00:00", dateUpdated: "2024-08-03T01:00:10.844Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7143
Vulnerability from cvelistv5
Published
2024-08-07 16:49
Modified
2024-12-31 14:23
Severity ?
EPSS score ?
Summary
A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:6765 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-7143 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2300125 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/pulp/pulpcore/blob/93f241f34c503da0fbac94bdba739feda2636e12/pulpcore/tasking/_util.py#L108 |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ 3.56.0 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-7143", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-07T17:28:33.839214Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-07T17:28:52.787Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-09-10T22:53:16.986Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://github.com/pulp/pulpcore/blob/main/CHANGES.md", }, ], title: "CVE Program Container", x_generator: { engine: "ADPogram 0.0.1", }, }, ], cna: { affected: [ { collectionURL: "https://github.com/pulp/pulpcore", defaultStatus: "unaffected", packageName: "pulp", versions: [ { lessThanOrEqual: "3.56.0", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", ], defaultStatus: "unaffected", packageName: "automation-controller", product: "Red Hat Ansible Automation Platform 1.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", ], defaultStatus: "unaffected", packageName: "python3x-urllib3", product: "Red Hat Ansible Automation Platform 1.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", ], defaultStatus: "unaffected", packageName: "python-urllib3", product: "Red Hat Ansible Automation Platform 1.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", ], defaultStatus: "unaffected", packageName: "receptor", product: "Red Hat Ansible Automation Platform 1.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", ], defaultStatus: "unaffected", packageName: "automation-controller", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", ], defaultStatus: "unaffected", packageName: "python3x-django", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", ], defaultStatus: "unaffected", packageName: "python3x-pulpcore", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", ], defaultStatus: "unaffected", packageName: "python3x-urllib3", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", ], defaultStatus: "unaffected", packageName: "python-django", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", ], defaultStatus: "unaffected", packageName: "python-pulpcore", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", ], defaultStatus: "unaffected", packageName: "python-urllib3", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", ], defaultStatus: "unaffected", packageName: "receptor", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "python3x-pulpcore", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "python-pulpcore", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "unaffected", packageName: "python-pulpcore", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhui:4::el8", ], defaultStatus: "unaffected", packageName: "python-pulpcore", product: "Red Hat Update Infrastructure 4 for Cloud Providers", vendor: "Red Hat", }, ], datePublic: "2024-08-07T13:50:03.893000+00:00", descriptions: [ { lang: "en", value: "A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-277", description: "Insecure Inherited Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T14:23:03.504Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:6765", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6765", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-7143", }, { name: "RHBZ#2300125", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2300125", }, { url: "https://github.com/pulp/pulpcore/blob/93f241f34c503da0fbac94bdba739feda2636e12/pulpcore/tasking/_util.py#L108", }, ], timeline: [ { lang: "en", time: "2024-07-26T19:01:06+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-08-07T13:50:03.893000+00:00", value: "Made public.", }, ], title: "Pulpcore: rbac permissions incorrectly assigned in tasks that create objects", x_redhatCweChain: "CWE-277: Insecure Inherited Permissions", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-7143", datePublished: "2024-08-07T16:49:29.842Z", dateReserved: "2024-07-26T18:48:08.747Z", dateUpdated: "2024-12-31T14:23:03.504Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-50782
Vulnerability from cvelistv5
Published
2024-02-05 20:45
Modified
2024-11-25 10:24
Severity ?
EPSS score ?
Summary
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-50782 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2254432 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 3.2 ≤ |
||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:23:43.327Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-50782", }, { name: "RHBZ#2254432", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254432", }, { tags: [ "x_transferred", ], url: "https://www.couchbase.com/alerts/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/pyca/cryptography", defaultStatus: "unaffected", packageName: "python-cryptography", versions: [ { lessThan: "42.0.0", status: "affected", version: "3.2", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "unaffected", packageName: "python-cryptography", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "python-cryptography", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "python39:3.9/python-cryptography", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "python-cryptography", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "python-cryptography", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "unaffected", packageName: "python-cryptography", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhui:4::el8", ], defaultStatus: "affected", packageName: "python-cryptography", product: "Red Hat Update Infrastructure 4 for Cloud Providers", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "This issue was discovered by Hubert Kario (Red Hat).", }, ], datePublic: "2023-12-13T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-208", description: "Observable Timing Discrepancy", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-25T10:24:46.647Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-50782", }, { name: "RHBZ#2254432", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254432", }, ], timeline: [ { lang: "en", time: "2023-12-13T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-12-13T00:00:00+00:00", value: "Made public.", }, ], title: "Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-327->CWE-385->CWE-208: Use of a Broken or Risky Cryptographic Algorithm leads to Covert Timing Channel leads to Observable Timing Discrepancy", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-50782", datePublished: "2024-02-05T20:45:49.705Z", dateReserved: "2023-12-13T20:44:02.023Z", dateUpdated: "2024-11-25T10:24:46.647Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }