Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-66564 (GCVE-0-2025-66564)
Vulnerability from cvelistv5 – Published: 2025-12-04 22:37 – Updated: 2025-12-05 14:55
VLAI?
EPSS
Title
Sigstore Timestamp Authority allocates excessive memory during request parsing
Summary
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function's argument). This vulnerability is fixed in 2.0.3.
Severity ?
7.5 (High)
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| sigstore | timestamp-authority |
Affected:
< 2.0.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T14:55:44.658584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T14:55:53.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "timestamp-authority",
"vendor": "sigstore",
"versions": [
{
"status": "affected",
"version": "\u003c 2.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function\u0027s argument). This vulnerability is fixed in 2.0.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T22:37:13.307Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh"
},
{
"name": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421"
}
],
"source": {
"advisory": "GHSA-4qg8-fj49-pxjh",
"discovery": "UNKNOWN"
},
"title": "Sigstore Timestamp Authority allocates excessive memory during request parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66564",
"datePublished": "2025-12-04T22:37:13.307Z",
"dateReserved": "2025-12-04T16:05:22.975Z",
"dateUpdated": "2025-12-05T14:55:53.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-66564\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-12-04T23:15:47.430\",\"lastModified\":\"2025-12-08T18:27:15.857\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function\u0027s argument). This vulnerability is fixed in 2.0.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-405\"}]}],\"references\":[{\"url\":\"https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-66564\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-05T14:55:44.658584Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-05T14:55:50.449Z\"}}], \"cna\": {\"title\": \"Sigstore Timestamp Authority allocates excessive memory during request parsing\", \"source\": {\"advisory\": \"GHSA-4qg8-fj49-pxjh\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"sigstore\", \"product\": \"timestamp-authority\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.0.3\"}]}], \"references\": [{\"url\": \"https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh\", \"name\": \"https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421\", \"name\": \"https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function\u0027s argument). This vulnerability is fixed in 2.0.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-405\", \"description\": \"CWE-405: Asymmetric Resource Consumption (Amplification)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-12-04T22:37:13.307Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-66564\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-05T14:55:53.273Z\", \"dateReserved\": \"2025-12-04T16:05:22.975Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-12-04T22:37:13.307Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:2350
Vulnerability from csaf_redhat - Published: 2026-02-09 15:50 - Updated: 2026-02-20 08:37Summary
Red Hat Security Advisory: RHACS 4.9.3 security and bug fix update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security
(RHACS), which typically include new features, bug fixes, and/or
security patches.
Details
See the release notes (link in the references section) for a
description of the fixes and enhancements in this particular release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security\n(RHACS), which typically include new features, bug fixes, and/or\nsecurity patches.",
"title": "Topic"
},
{
"category": "general",
"text": "See the release notes (link in the references section) for a\ndescription of the fixes and enhancements in this particular release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2350",
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66564",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68428",
"url": "https://access.redhat.com/security/cve/CVE-2025-68428"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68973",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22029",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.9/html-single/release_notes/index#about-this-release-493_release-notes-49",
"url": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.9/html-single/release_notes/index#about-this-release-493_release-notes-49"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2350.json"
}
],
"title": "Red Hat Security Advisory: RHACS 4.9.3 security and bug fix update",
"tracking": {
"current_release_date": "2026-02-20T08:37:59+00:00",
"generator": {
"date": "2026-02-20T08:37:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2350",
"initial_release_date": "2026-02-09T15:50:42+00:00",
"revision_history": [
{
"date": "2026-02-09T15:50:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-09T15:50:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-20T08:37:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Security 4.9",
"product": {
"name": "Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3Acfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769065259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256%3Ad8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Abaa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Ae2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Ae9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Ac1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Aa75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3Acf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3Ad63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769065259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3Ae87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3Abd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Ad9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Aa3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Ade3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769065259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3Af49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3Ae5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Abe9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769065259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3Ad9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3Adb417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Ac916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2025-66564",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:11.786030+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The Sigstore Timestamp Authority, a service for issuing RFC 3161 timestamps, is prone to excessive memory allocation. This occurs when processing untrusted OID payloads with many period characters or malformed Content-Type headers. An unauthenticated attacker could exploit this flaw to trigger a denial of service in affected Red Hat products that utilize this component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "RHBZ#2419054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421",
"url": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh",
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh"
}
],
"release_date": "2025-12-04T22:37:13.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing"
},
{
"cve": "CVE-2025-68428",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"discovery_date": "2026-01-05T22:01:15.703824+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427236"
}
],
"notes": [
{
"category": "description",
"text": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68428"
},
{
"category": "external",
"summary": "RHBZ#2427236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427236"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68428"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d",
"url": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0",
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2",
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2"
}
],
"release_date": "2026-01-05T21:43:55.169000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability"
},
{
"cve": "CVE-2025-68973",
"cwe": {
"id": "CWE-675",
"name": "Multiple Operations on Resource in Single-Operation Context"
},
"discovery_date": "2025-12-28T17:00:44.161022+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in GnuPG\u0027s `armor_filter` function allows an attacker with local access to provide crafted input, potentially leading to information disclosure and arbitrary code execution due to an out-of-bounds write. Exploitation requires high attack complexity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "RHBZ#2425966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
"url": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
"url": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9"
},
{
"category": "external",
"summary": "https://gpg.fail/memcpy",
"url": "https://gpg.fail/memcpy"
},
{
"category": "external",
"summary": "https://news.ycombinator.com/item?id=46403200",
"url": "https://news.ycombinator.com/item?id=46403200"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/12/28/5",
"url": "https://www.openwall.com/lists/oss-security/2025/12/28/5"
}
],
"release_date": "2025-12-28T16:19:11.019000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid processing untrusted or unverified input with GnuPG. Exercise caution when handling GnuPG-encrypted or signed data from unknown or suspicious sources, as specially crafted input could trigger the vulnerability. This operational control reduces the attack surface by limiting exposure to malicious data.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write"
},
{
"cve": "CVE-2026-22029",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-01-10T04:01:03.694749+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428412"
}
],
"notes": [
{
"category": "description",
"text": "React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "RHBZ#2428412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
}
],
"release_date": "2026-01-10T02:42:32.736000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"
}
]
}
RHSA-2026:2568
Vulnerability from csaf_redhat - Published: 2026-02-11 15:09 - Updated: 2026-02-20 08:38Summary
Red Hat Security Advisory: RHACS 4.9.3 security and bug fix update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security
(RHACS), which typically include new features, bug fixes, and/or
security patches.
Details
See the release notes (link in the references section) for a
description of the fixes and enhancements in this particular release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security\n(RHACS), which typically include new features, bug fixes, and/or\nsecurity patches.",
"title": "Topic"
},
{
"category": "general",
"text": "See the release notes (link in the references section) for a\ndescription of the fixes and enhancements in this particular release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2568",
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66564",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68428",
"url": "https://access.redhat.com/security/cve/CVE-2025-68428"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68973",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22029",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.9/html-single/release_notes/index#about-this-release-493_release-notes-49",
"url": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.9/html-single/release_notes/index#about-this-release-493_release-notes-49"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2568.json"
}
],
"title": "Red Hat Security Advisory: RHACS 4.9.3 security and bug fix update",
"tracking": {
"current_release_date": "2026-02-20T08:38:00+00:00",
"generator": {
"date": "2026-02-20T08:38:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2568",
"initial_release_date": "2026-02-11T15:09:41+00:00",
"revision_history": [
{
"date": "2026-02-11T15:09:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-11T15:09:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-20T08:38:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Security 4.9",
"product": {
"name": "Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3Afdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3Af5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769100379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256%3A4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Ab604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3Aeffcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Ab42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Ac399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Abff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Af8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769100379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3Afe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Ab88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769100379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Ad09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Ae85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Ab4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3Af4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769100379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3Adea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3Ab6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Af630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Ac1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Ab57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Aec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2025-66564",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:11.786030+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The Sigstore Timestamp Authority, a service for issuing RFC 3161 timestamps, is prone to excessive memory allocation. This occurs when processing untrusted OID payloads with many period characters or malformed Content-Type headers. An unauthenticated attacker could exploit this flaw to trigger a denial of service in affected Red Hat products that utilize this component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "RHBZ#2419054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421",
"url": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh",
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh"
}
],
"release_date": "2025-12-04T22:37:13.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing"
},
{
"cve": "CVE-2025-68428",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"discovery_date": "2026-01-05T22:01:15.703824+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427236"
}
],
"notes": [
{
"category": "description",
"text": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68428"
},
{
"category": "external",
"summary": "RHBZ#2427236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427236"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68428"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d",
"url": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0",
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2",
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2"
}
],
"release_date": "2026-01-05T21:43:55.169000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability"
},
{
"cve": "CVE-2025-68973",
"cwe": {
"id": "CWE-675",
"name": "Multiple Operations on Resource in Single-Operation Context"
},
"discovery_date": "2025-12-28T17:00:44.161022+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in GnuPG\u0027s `armor_filter` function allows an attacker with local access to provide crafted input, potentially leading to information disclosure and arbitrary code execution due to an out-of-bounds write. Exploitation requires high attack complexity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "RHBZ#2425966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
"url": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
"url": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9"
},
{
"category": "external",
"summary": "https://gpg.fail/memcpy",
"url": "https://gpg.fail/memcpy"
},
{
"category": "external",
"summary": "https://news.ycombinator.com/item?id=46403200",
"url": "https://news.ycombinator.com/item?id=46403200"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/12/28/5",
"url": "https://www.openwall.com/lists/oss-security/2025/12/28/5"
}
],
"release_date": "2025-12-28T16:19:11.019000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid processing untrusted or unverified input with GnuPG. Exercise caution when handling GnuPG-encrypted or signed data from unknown or suspicious sources, as specially crafted input could trigger the vulnerability. This operational control reduces the attack surface by limiting exposure to malicious data.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write"
},
{
"cve": "CVE-2026-22029",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-01-10T04:01:03.694749+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428412"
}
],
"notes": [
{
"category": "description",
"text": "React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "RHBZ#2428412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
}
],
"release_date": "2026-01-10T02:42:32.736000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"
}
]
}
RHSA-2026:1517
Vulnerability from csaf_redhat - Published: 2026-01-28 22:40 - Updated: 2026-02-20 07:31Summary
Red Hat Security Advisory: RHACS 4.8.8 security and bug fix update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security
(RHACS), which typically include new features, bug fixes, and/or
security patches.
Details
See the release notes (link in the references section) for a
description of the fixes and enhancements in this particular release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security\n(RHACS), which typically include new features, bug fixes, and/or\nsecurity patches.",
"title": "Topic"
},
{
"category": "general",
"text": "See the release notes (link in the references section) for a\ndescription of the fixes and enhancements in this particular release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1517",
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66564",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68428",
"url": "https://access.redhat.com/security/cve/CVE-2025-68428"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68973",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22029",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.8/html-single/release_notes/index#about-this-release-488_release-notes-48",
"url": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.8/html-single/release_notes/index#about-this-release-488_release-notes-48"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1517.json"
}
],
"title": "Red Hat Security Advisory: RHACS 4.8.8 security and bug fix update",
"tracking": {
"current_release_date": "2026-02-20T07:31:27+00:00",
"generator": {
"date": "2026-02-20T07:31:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1517",
"initial_release_date": "2026-01-28T22:40:02+00:00",
"revision_history": [
{
"date": "2026-01-28T22:40:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-28T22:40:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-20T07:31:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Security 4.8",
"product": {
"name": "Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3Aca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769010086"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3Af23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256%3Ab22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Ad353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3Ac7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Aeb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3Aeaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769010086"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3Affc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Acfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Ab60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Ad480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Ac69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Ae7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3Adb0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769010086"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3Afe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Af5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Ae292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Adeea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Aec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Af7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769010086"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3Af96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Adcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Acc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Ad5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2025-66564",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:11.786030+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The Sigstore Timestamp Authority, a service for issuing RFC 3161 timestamps, is prone to excessive memory allocation. This occurs when processing untrusted OID payloads with many period characters or malformed Content-Type headers. An unauthenticated attacker could exploit this flaw to trigger a denial of service in affected Red Hat products that utilize this component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "RHBZ#2419054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421",
"url": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh",
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh"
}
],
"release_date": "2025-12-04T22:37:13.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing"
},
{
"cve": "CVE-2025-68428",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"discovery_date": "2026-01-05T22:01:15.703824+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427236"
}
],
"notes": [
{
"category": "description",
"text": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68428"
},
{
"category": "external",
"summary": "RHBZ#2427236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427236"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68428"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d",
"url": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0",
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2",
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2"
}
],
"release_date": "2026-01-05T21:43:55.169000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability"
},
{
"cve": "CVE-2025-68973",
"cwe": {
"id": "CWE-675",
"name": "Multiple Operations on Resource in Single-Operation Context"
},
"discovery_date": "2025-12-28T17:00:44.161022+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in GnuPG\u0027s `armor_filter` function allows an attacker with local access to provide crafted input, potentially leading to information disclosure and arbitrary code execution due to an out-of-bounds write. Exploitation requires high attack complexity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "RHBZ#2425966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
"url": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
"url": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9"
},
{
"category": "external",
"summary": "https://gpg.fail/memcpy",
"url": "https://gpg.fail/memcpy"
},
{
"category": "external",
"summary": "https://news.ycombinator.com/item?id=46403200",
"url": "https://news.ycombinator.com/item?id=46403200"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/12/28/5",
"url": "https://www.openwall.com/lists/oss-security/2025/12/28/5"
}
],
"release_date": "2025-12-28T16:19:11.019000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid processing untrusted or unverified input with GnuPG. Exercise caution when handling GnuPG-encrypted or signed data from unknown or suspicious sources, as specially crafted input could trigger the vulnerability. This operational control reduces the attack surface by limiting exposure to malicious data.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write"
},
{
"cve": "CVE-2026-22029",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-01-10T04:01:03.694749+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428412"
}
],
"notes": [
{
"category": "description",
"text": "React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "RHBZ#2428412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
}
],
"release_date": "2026-01-10T02:42:32.736000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"
}
]
}
RHSA-2026:2144
Vulnerability from csaf_redhat - Published: 2026-02-05 15:45 - Updated: 2026-02-20 08:27Summary
Red Hat Security Advisory: RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release
Notes
Topic
The 1.3.2 release of Red Hat Trusted Artifact Signer OpenShift Operator.
For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3
Details
The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, and 4.20
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.3.2 release of Red Hat Trusted Artifact Signer OpenShift Operator.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, and 4.20",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2144",
"url": "https://access.redhat.com/errata/RHSA-2026:2144"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66564",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22772",
"url": "https://access.redhat.com/security/cve/CVE-2026-22772"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22774",
"url": "https://access.redhat.com/security/cve/CVE-2026-22774"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22775",
"url": "https://access.redhat.com/security/cve/CVE-2026-22775"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23745",
"url": "https://access.redhat.com/security/cve/CVE-2026-23745"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23950",
"url": "https://access.redhat.com/security/cve/CVE-2026-23950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2144.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release",
"tracking": {
"current_release_date": "2026-02-20T08:27:03+00:00",
"generator": {
"date": "2026-02-20T08:27:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2144",
"initial_release_date": "2026-02-05T15:45:43+00:00",
"revision_history": [
{
"date": "2026-02-05T15:45:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-05T15:45:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-20T08:27:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.3",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"product_id": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rekor-backfill-redis-rhel9@sha256%3Aec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770106163"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"product": {
"name": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"product_id": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/certificate-transparency-rhel9@sha256%3A240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770107577"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-database-rhel9@sha256%3Af4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770106156"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"product": {
"name": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"product_id": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fulcio-rhel9@sha256%3Ad876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770107446"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-logserver-rhel9@sha256%3A7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770106156"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-logsigner-rhel9@sha256%3A83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770106156"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-redis-rhel9@sha256%3A7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770106156"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"product_id": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rekor-search-ui-rhel9@sha256%3A3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770107452"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"product_id": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rekor-server-rhel9@sha256%3A9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770106163"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"product": {
"name": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"product_id": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"product_identification_helper": {
"purl": "pkg:oci/timestamp-authority-rhel9@sha256%3A37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770107440"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64"
},
"product_reference": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64"
},
"product_reference": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64"
},
"product_reference": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:45:43+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:45:43+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2144"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:45:43+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:45:43+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2144"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:45:43+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2025-66564",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:11.786030+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The Sigstore Timestamp Authority, a service for issuing RFC 3161 timestamps, is prone to excessive memory allocation. This occurs when processing untrusted OID payloads with many period characters or malformed Content-Type headers. An unauthenticated attacker could exploit this flaw to trigger a denial of service in affected Red Hat products that utilize this component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "RHBZ#2419054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421",
"url": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh",
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh"
}
],
"release_date": "2025-12-04T22:37:13.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:45:43+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:45:43+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-22772",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-01-12T22:01:21.336171+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428808"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a certificate authority for issuing code signing certificates. A remote attacker could exploit this by bypassing MetaIssuer URL validation due to unanchored regular expressions (regex) in the `metaRegex()` function. This vulnerability could lead to Server-Side Request Forgery (SSRF), allowing the attacker to probe internal network services. While the flaw only permits GET requests, preventing state changes or data exfiltration, it still poses a risk for internal network reconnaissance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fulcio: Fulcio: Server-Side Request Forgery (SSRF) via unanchored regex in MetaIssuer URL validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Fulcio\u0027s URL validation allows attackers to bypass security checks, leading to Server-Side Request Forgery (SSRF). This could enable internal network reconnaissance within affected Red Hat OpenShift and Ansible Automation Platform deployments, though it does not permit state changes or data exfiltration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22772"
},
{
"category": "external",
"summary": "RHBZ#2428808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22772",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22772"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/eaae2f2be56df9dea5f9b439ec81bedae4c0978d",
"url": "https://github.com/sigstore/fulcio/commit/eaae2f2be56df9dea5f9b439ec81bedae4c0978d"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-59jp-pj84-45mr",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-59jp-pj84-45mr"
}
],
"release_date": "2026-01-12T20:58:53.659000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:45:43+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2144"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "fulcio: Fulcio: Server-Side Request Forgery (SSRF) via unanchored regex in MetaIssuer URL validation"
},
{
"cve": "CVE-2026-22774",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2026-01-15T19:01:29.258462+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430095"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in devalue, a JavaScript library used for serializing values. A remote attacker can exploit this vulnerability by providing specially crafted input to the devalue.parse function. This can cause the application to consume excessive CPU time and memory, leading to a denial of service (DoS) condition. The root cause is an unchecked assumption during typed array hydration, where an ArrayBuffer is expected but not validated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "devalue: devalue: Denial of Service due to excessive resource consumption from untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `devalue` JavaScript library, such as pgAdmin 4, Red Hat Build of Podman Desktop, and Red Hat Trusted Artifact Signer. A remote attacker can exploit this flaw by providing specially crafted input to the `devalue.parse` function, leading to excessive CPU and memory consumption and a denial of service condition.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22774"
},
{
"category": "external",
"summary": "RHBZ#2430095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430095"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22774",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22774"
},
{
"category": "external",
"summary": "https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4",
"url": "https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4"
},
{
"category": "external",
"summary": "https://github.com/sveltejs/devalue/releases/tag/v5.6.2",
"url": "https://github.com/sveltejs/devalue/releases/tag/v5.6.2"
},
{
"category": "external",
"summary": "https://github.com/sveltejs/devalue/security/advisories/GHSA-vw5p-8cq8-m7mv",
"url": "https://github.com/sveltejs/devalue/security/advisories/GHSA-vw5p-8cq8-m7mv"
}
],
"release_date": "2026-01-15T18:53:21.963000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:45:43+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "devalue: devalue: Denial of Service due to excessive resource consumption from untrusted input"
},
{
"cve": "CVE-2026-22775",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2026-01-15T20:00:50.600496+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430109"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in devalue, a JavaScript library used for serializing values. A remote attacker could exploit this vulnerability by providing specially crafted input to the `devalue.parse` function. This improper input validation, specifically during the ArrayBuffer hydration process, can cause the application to consume excessive CPU time and memory. This ultimately leads to a denial of service (DoS), making the affected system unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "devalue: devalue: Denial of Service due to improper input validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat. The `devalue` JavaScript library, when used by applications to parse untrusted external input, is susceptible to a denial of service. Specially crafted input to the `devalue.parse` function can lead to excessive CPU and memory consumption, rendering the affected system unavailable. Red Hat products such as Red Hat Build of Podman Desktop and Red Hat Trusted Artifact Signer are affected if they process untrusted data using the vulnerable `devalue.parse` function.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22775"
},
{
"category": "external",
"summary": "RHBZ#2430109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22775",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22775"
},
{
"category": "external",
"summary": "https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4",
"url": "https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4"
},
{
"category": "external",
"summary": "https://github.com/sveltejs/devalue/releases/tag/v5.6.2",
"url": "https://github.com/sveltejs/devalue/releases/tag/v5.6.2"
},
{
"category": "external",
"summary": "https://github.com/sveltejs/devalue/security/advisories/GHSA-g2pg-6438-jwpf",
"url": "https://github.com/sveltejs/devalue/security/advisories/GHSA-g2pg-6438-jwpf"
}
],
"release_date": "2026-01-15T18:59:37.499000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:45:43+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2144"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "devalue: devalue: Denial of Service due to improper input validation"
},
{
"cve": "CVE-2026-23745",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-16T23:01:26.508727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430538"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the node-tar library. The flaw allows an attacker to perform arbitrary file overwrite and symlink poisoning by crafting malicious tar archives. This occurs due to insufficient path sanitization of hardlink and symbolic link entries, even when the default secure behavior (preservePaths is false) is enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23745"
},
{
"category": "external",
"summary": "RHBZ#2430538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e",
"url": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97"
}
],
"release_date": "2026-01-16T22:00:08.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:45:43+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2144"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives"
},
{
"cve": "CVE-2026-23950",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-01-20T02:00:55.870044+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431036"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the `path-reservations` system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially crafted tar archive containing filenames that cause these collisions, bypassing internal concurrency safeguards. Successful exploitation can lead to arbitrary file overwrite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The `node-tar` library is susceptible to a race condition due to incomplete handling of Unicode path collisions, which can lead to arbitrary file overwrites via symlink poisoning. However, this issue primarily affects case-insensitive or normalization-insensitive filesystems. Red Hat Enterprise Linux and other Red Hat products typically utilize case-sensitive filesystems, which may limit the direct impact of this flaw in default configurations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23950"
},
{
"category": "external",
"summary": "RHBZ#2431036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431036"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23950"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6",
"url": "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w"
}
],
"release_date": "2026-01-20T00:40:48.510000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T15:45:43+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2144"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:240a9553315990a06a9d52eaf6e96e3aa1c743f1fbff33b95b489d41cef18f5a_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d876a5e41b8467cdde921032f2cd53e77bef99ebcd8b61d72a3ad411469ad352_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:ec50096d68a499e7f605bcfa7afd30845a03e0c4849736431f6752fa8b850897_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:3971738912069448174202486b61ed384153ca18af3e8430a55795a6e65eb58d_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:9746960bbc79e0ecf82a0ee12f878e90e202247dcaeb046bdd11db48a52ccb90_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:37b9359f11098a781158e5bc0850ec43b599d29a354b43745067656b0a234814_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:f4e92bf3f35d86fe895a2e3225098b3d4d9dae720ef1d45e9efcf23dec8242b6_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:7c6cba78fb26addd9f056ec3f8b9376666db353451da37a4681a51d16f2ff76c_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:83a8710df2032471c379f4cfbb3861ec9c4c7794f8b487483dbfb8cf57207750_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:7261ee18d6fd8d42614e94ae3bdb77c5acad54f2b9898365bf8668c60a32589a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition"
}
]
}
RHSA-2026:2852
Vulnerability from csaf_redhat - Published: 2026-02-17 23:04 - Updated: 2026-02-20 07:32Summary
Red Hat Security Advisory: OpenShift Security Profiles Operator bug fix and enhancement update
Notes
Topic
An updated OpenShift Security Profiles Operator image that fixes various bugs and adds new
enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.
Details
The Security Profiles Operator v0.10.0 is now available.
See the documentation for release information:
https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/security_and_compliance/security-profiles-operator
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated OpenShift Security Profiles Operator image that fixes various bugs and adds new\nenhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.",
"title": "Topic"
},
{
"category": "general",
"text": "The Security Profiles Operator v0.10.0 is now available.\nSee the documentation for release information:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/security_and_compliance/security-profiles-operator",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2852",
"url": "https://access.redhat.com/errata/RHSA-2026:2852"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66564",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2852.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Security Profiles Operator bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-02-20T07:32:28+00:00",
"generator": {
"date": "2026-02-20T07:32:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2852",
"initial_release_date": "2026-02-17T23:04:21+00:00",
"revision_history": [
{
"date": "2026-02-17T23:04:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-17T23:04:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-20T07:32:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Security Profiles Operator 1",
"product": {
"name": "OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_security_profiles_operator:1::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Security Profiles Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"product_id": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-selinuxd-rhel10@sha256%3A1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039?arch=amd64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1771365824"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"product_id": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-selinuxd-rhel8@sha256%3A7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0?arch=amd64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1771365778"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64",
"product_id": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-selinuxd-rhel9@sha256%3Af7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8?arch=amd64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1771365810"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"product_id": "registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-security-profiles-operator-bundle@sha256%3A4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7?arch=amd64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1771367226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64",
"product_id": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-security-profiles-rhel8-operator@sha256%3Ae599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54?arch=amd64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1770869850"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-selinuxd-rhel10@sha256%3A659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance\u0026tag=1771365824"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-selinuxd-rhel8@sha256%3A8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance\u0026tag=1771365778"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-selinuxd-rhel9@sha256%3A2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance\u0026tag=1771365810"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-security-profiles-rhel8-operator@sha256%3A66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance\u0026tag=1770869850"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64 as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64 as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64 as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64 as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64 as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64"
],
"known_not_affected": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T23:04:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2852"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2025-66564",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:11.786030+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The Sigstore Timestamp Authority, a service for issuing RFC 3161 timestamps, is prone to excessive memory allocation. This occurs when processing untrusted OID payloads with many period characters or malformed Content-Type headers. An unauthenticated attacker could exploit this flaw to trigger a denial of service in affected Red Hat products that utilize this component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64"
],
"known_not_affected": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "RHBZ#2419054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421",
"url": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh",
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh"
}
],
"release_date": "2025-12-04T22:37:13.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T23:04:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2852"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing"
}
]
}
FKIE_CVE-2025-66564
Vulnerability from fkie_nvd - Published: 2025-12-04 23:15 - Updated: 2025-12-08 18:27
Severity ?
Summary
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function's argument). This vulnerability is fixed in 2.0.3.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function\u0027s argument). This vulnerability is fixed in 2.0.3."
}
],
"id": "CVE-2025-66564",
"lastModified": "2025-12-08T18:27:15.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-12-04T23:15:47.430",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-405"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
OPENSUSE-SU-2026:10131-1
Vulnerability from csaf_opensuse - Published: 2026-02-02 00:00 - Updated: 2026-02-02 00:00Summary
trivy-0.69.0-1.1 on GA media
Notes
Title of the patch
trivy-0.69.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the trivy-0.69.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2026-10131
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "trivy-0.69.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the trivy-0.69.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10131",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10131-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66564 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66564/"
}
],
"title": "trivy-0.69.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-02-02T00:00:00Z",
"generator": {
"date": "2026-02-02T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10131-1",
"initial_release_date": "2026-02-02T00:00:00Z",
"revision_history": [
{
"date": "2026-02-02T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-1.1.aarch64",
"product": {
"name": "trivy-0.69.0-1.1.aarch64",
"product_id": "trivy-0.69.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-1.1.ppc64le",
"product": {
"name": "trivy-0.69.0-1.1.ppc64le",
"product_id": "trivy-0.69.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-1.1.s390x",
"product": {
"name": "trivy-0.69.0-1.1.s390x",
"product_id": "trivy-0.69.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-1.1.x86_64",
"product": {
"name": "trivy-0.69.0-1.1.x86_64",
"product_id": "trivy-0.69.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.69.0-1.1.aarch64"
},
"product_reference": "trivy-0.69.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.69.0-1.1.ppc64le"
},
"product_reference": "trivy-0.69.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.69.0-1.1.s390x"
},
"product_reference": "trivy-0.69.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.69.0-1.1.x86_64"
},
"product_reference": "trivy-0.69.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64702"
}
],
"notes": [
{
"category": "general",
"text": "quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go\u0027s HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an http.Header (used on the http.Request and http.Response, respectively), while only enforcing limits on the size of the (QPACK-compressed) HEADERS frame, but not on the decoded header, leading to memory exhaustion. This issue is fixed in version 0.57.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.69.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64702",
"url": "https://www.suse.com/security/cve/CVE-2025-64702"
},
{
"category": "external",
"summary": "SUSE Bug 1255365 for CVE-2025-64702",
"url": "https://bugzilla.suse.com/1255365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.69.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.69.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-64702"
},
{
"cve": "CVE-2025-66564",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66564"
}
],
"notes": [
{
"category": "general",
"text": "Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function\u0027s argument). This vulnerability is fixed in 2.0.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.69.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66564",
"url": "https://www.suse.com/security/cve/CVE-2025-66564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.69.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-66564"
}
]
}
OPENSUSE-SU-2026:20191-1
Vulnerability from csaf_opensuse - Published: 2026-02-10 21:52 - Updated: 2026-02-10 21:52Summary
Security update for trivy
Notes
Title of the patch
Security update for trivy
Description of the patch
This update for trivy fixes the following issues:
Changes in trivy:
- Update to version 0.69.0 (bsc#1255366, CVE-2025-64702):
* release: v0.69.0 [main] (#9886)
* chore: bump trivy-checks to v2 (#9875)
* chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 (#10091)
* fix(repo): return a nil interface for gitAuth if missing (#10097)
* fix(java): correctly inherit properties from parent fields for pom.xml files (#9111)
* fix(rust): implement version inheritance for Cargo mono repos (#10011)
* feat(activestate): add support ActiveState images (#10081)
* feat(vex): support per-repo tls configuration (#10030)
* refactor: allow per-request transport options override (#10083)
* chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (#10084)
* chore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 (#10085)
* fix(java): correctly propagate repositories from upper POMs to dependencies (#10077)
* feat(rocky): enable modular package vulnerability detection (#10069)
* chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 (#10079)
* docs: fix mistake in config file example for skip-dirs/skip-files flag (#10070)
* feat(report): add Trivy version to JSON output (#10065)
* fix(rust): add cargo workspace members glob support (#10032)
* feat: add AnalyzedBy field to track which analyzer detected packages (#10059)
* fix: use canonical SPDX license IDs from embeded licenses.json (#10053)
* docs: fix link to Docker Image Specification (#10057)
* feat(secret): add detection for Symfony default secret key (#9892)
* refactor(misconf): move common logic to base value and simplify typed values (#9986)
* fix(java): add hash of GAV+root pom file path for pkgID for packages from pom.xml files (#9880)
* feat(misconf): use Terraform plan configuration to partially restore schema (#9623)
* feat(misconf): add action block to Terraform schema (#10035)
* fix(misconf): correct typos in block and attribute names (#9993)
* test(misconf): simplify test values using *Test helpers (#9985)
* fix(misconf): safely parse rotation_period in google_kms_crypto_key (#9980)
* feat(misconf): support for ARM resources defined as an object (#9959)
* feat(misconf): support for azurerm_*_web_app (#9944)
* test: migrate private test helpers to `export_test.go` convention (#10043)
* chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.6.2 (#10048)
* fix(secret): improve word boundary detection for Hugging Face tokens (#10046)
* fix(go): use ldflags version for all pseudo-versions (#10037)
* chore: switch to ID from AVDID in internal and user-facing fields (#9655)
* refactor(misconf)!: use ID instead of AVDID for providers mapping (#9752)
* fix: move enum into items for array-type fields in JSON Schema (#10039)
* docs: fix incorrect documentation URLs (#10038)
* feat(sbom): exclude PEP 770 SBOMs in .dist-info/sboms/ (#10033)
* fix(docker): fix non-det scan results for images with embedded SBOM (#9866)
* chore(deps): bump the github-actions group with 11 updates (#10001)
* test: fix assertion after 2026 roll over (#10002)
* fix(vuln): skip vulns detection for CentOS Stream family without scan failure (#9964)
* fix(license): normalize licenses for PostAnalyzers (#9941)
* feat(nodejs): parse licenses from `package-lock.json` file (#9983)
* chore: update reference links to Go Wiki (#9987)
* refactor: add xslices.Map and replace lo.Map usages (#9984)
* fix(image): race condition in image artifact inspection (#9966)
* feat(flag): add JSON Schema for trivy.yaml configuration file (#9971)
* refactor(debian): use txtar format for test data (#9957)
* chore(deps): bump `golang.org/x/tools` to `v0.40.0` + `gopls` to `v0.21.0` (#9973)
* feat(rootio): Update trivy db to support usage of Severity from root.io feed (#9930)
* feat(vuln): skip vulnerability scanning for third-party packages in Debian/Ubuntu (#9932)
* docs: add info that `--file-pattern` flag doesn't disable default behaviuor (#9961)
* perf(misconf): optimize string concatenation in azure scanner (#9969)
* chore: add client option to install script (#9962)
* ci(helm): bump Trivy version to 0.68.2 for Trivy Helm Chart 0.20.1 (#9956)
* chore(deps): bump github.com/quic-go/quic-go from 0.54.1 to 0.57.0 (#9952)
* docs: update binary signature verification for sigstore bundles (#9929)
* chore(deps): bump alpine from `3.22.1` to `3.23.0` (#9935)
* chore(alpine): add EOL date for alpine 3.23 (#9934)
* feat(cloudformation): add support for Fn::ForEach (#9508)
* ci: enable `check-latest` for `setup-go` (#9931)
* feat(debian): detect third-party packages using maintainer list (#9917)
* fix(vex): add CVE-2025-66564 as not_affected into Trivy VEX file (#9924)
* feat(helm): add sslCertDir parameter (#9697)
* fix(misconf): respect .yml files when Helm charts are detected (#9912)
* feat(php): add support for dev dependencies in Composer (#9910)
* chore(deps): bump the common group across 1 directory with 9 updates (#9903)
* chore(deps): bump github.com/docker/cli from 29.0.3+incompatible to 29.1.1+incompatible in the docker group (#9859)
* fix: remove trailing tab in statefulset template (#9889)
* feat(julia): enable vulnerability scanning for the Julia language ecosystem (#9800)
* feat(misconf): initial ansible scanning support (#9332)
* feat(misconf): Update Azure Database schema (#9811)
* ci(helm): bump Trivy version to 0.68.1 for Trivy Helm Chart 0.20.0 (#9869)
* chore: update the install script (#9874)
Patchnames
openSUSE-Leap-16.0-packagehub-118
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for trivy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for trivy fixes the following issues:\n\nChanges in trivy:\n\n- Update to version 0.69.0 (bsc#1255366, CVE-2025-64702):\n * release: v0.69.0 [main] (#9886)\n * chore: bump trivy-checks to v2 (#9875)\n * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 (#10091)\n * fix(repo): return a nil interface for gitAuth if missing (#10097)\n * fix(java): correctly inherit properties from parent fields for pom.xml files (#9111)\n * fix(rust): implement version inheritance for Cargo mono repos (#10011)\n * feat(activestate): add support ActiveState images (#10081)\n * feat(vex): support per-repo tls configuration (#10030)\n * refactor: allow per-request transport options override (#10083)\n * chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (#10084)\n * chore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 (#10085)\n * fix(java): correctly propagate repositories from upper POMs to dependencies (#10077)\n * feat(rocky): enable modular package vulnerability detection (#10069)\n * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 (#10079)\n * docs: fix mistake in config file example for skip-dirs/skip-files flag (#10070)\n * feat(report): add Trivy version to JSON output (#10065)\n * fix(rust): add cargo workspace members glob support (#10032)\n * feat: add AnalyzedBy field to track which analyzer detected packages (#10059)\n * fix: use canonical SPDX license IDs from embeded licenses.json (#10053)\n * docs: fix link to Docker Image Specification (#10057)\n * feat(secret): add detection for Symfony default secret key (#9892)\n * refactor(misconf): move common logic to base value and simplify typed values (#9986)\n * fix(java): add hash of GAV+root pom file path for pkgID for packages from pom.xml files (#9880)\n * feat(misconf): use Terraform plan configuration to partially restore schema (#9623)\n * feat(misconf): add action block to Terraform schema (#10035)\n * fix(misconf): correct typos in block and attribute names (#9993)\n * test(misconf): simplify test values using *Test helpers (#9985)\n * fix(misconf): safely parse rotation_period in google_kms_crypto_key (#9980)\n * feat(misconf): support for ARM resources defined as an object (#9959)\n * feat(misconf): support for azurerm_*_web_app (#9944)\n * test: migrate private test helpers to `export_test.go` convention (#10043)\n * chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.6.2 (#10048)\n * fix(secret): improve word boundary detection for Hugging Face tokens (#10046)\n * fix(go): use ldflags version for all pseudo-versions (#10037)\n * chore: switch to ID from AVDID in internal and user-facing fields (#9655)\n * refactor(misconf)!: use ID instead of AVDID for providers mapping (#9752)\n * fix: move enum into items for array-type fields in JSON Schema (#10039)\n * docs: fix incorrect documentation URLs (#10038)\n * feat(sbom): exclude PEP 770 SBOMs in .dist-info/sboms/ (#10033)\n * fix(docker): fix non-det scan results for images with embedded SBOM (#9866)\n * chore(deps): bump the github-actions group with 11 updates (#10001)\n * test: fix assertion after 2026 roll over (#10002)\n * fix(vuln): skip vulns detection for CentOS Stream family without scan failure (#9964)\n * fix(license): normalize licenses for PostAnalyzers (#9941)\n * feat(nodejs): parse licenses from `package-lock.json` file (#9983)\n * chore: update reference links to Go Wiki (#9987)\n * refactor: add xslices.Map and replace lo.Map usages (#9984)\n * fix(image): race condition in image artifact inspection (#9966)\n * feat(flag): add JSON Schema for trivy.yaml configuration file (#9971)\n * refactor(debian): use txtar format for test data (#9957)\n * chore(deps): bump `golang.org/x/tools` to `v0.40.0` + `gopls` to `v0.21.0` (#9973)\n * feat(rootio): Update trivy db to support usage of Severity from root.io feed (#9930)\n * feat(vuln): skip vulnerability scanning for third-party packages in Debian/Ubuntu (#9932)\n * docs: add info that `--file-pattern` flag doesn\u0027t disable default behaviuor (#9961)\n * perf(misconf): optimize string concatenation in azure scanner (#9969)\n * chore: add client option to install script (#9962)\n * ci(helm): bump Trivy version to 0.68.2 for Trivy Helm Chart 0.20.1 (#9956)\n * chore(deps): bump github.com/quic-go/quic-go from 0.54.1 to 0.57.0 (#9952)\n * docs: update binary signature verification for sigstore bundles (#9929)\n * chore(deps): bump alpine from `3.22.1` to `3.23.0` (#9935)\n * chore(alpine): add EOL date for alpine 3.23 (#9934)\n * feat(cloudformation): add support for Fn::ForEach (#9508)\n * ci: enable `check-latest` for `setup-go` (#9931)\n * feat(debian): detect third-party packages using maintainer list (#9917)\n * fix(vex): add CVE-2025-66564 as not_affected into Trivy VEX file (#9924)\n * feat(helm): add sslCertDir parameter (#9697)\n * fix(misconf): respect .yml files when Helm charts are detected (#9912)\n * feat(php): add support for dev dependencies in Composer (#9910)\n * chore(deps): bump the common group across 1 directory with 9 updates (#9903)\n * chore(deps): bump github.com/docker/cli from 29.0.3+incompatible to 29.1.1+incompatible in the docker group (#9859)\n * fix: remove trailing tab in statefulset template (#9889)\n * feat(julia): enable vulnerability scanning for the Julia language ecosystem (#9800)\n * feat(misconf): initial ansible scanning support (#9332)\n * feat(misconf): Update Azure Database schema (#9811)\n * ci(helm): bump Trivy version to 0.68.1 for Trivy Helm Chart 0.20.0 (#9869)\n * chore: update the install script (#9874)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-118",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20191-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1255366",
"url": "https://bugzilla.suse.com/1255366"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66564 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66564/"
}
],
"title": "Security update for trivy",
"tracking": {
"current_release_date": "2026-02-10T21:52:10Z",
"generator": {
"date": "2026-02-10T21:52:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20191-1",
"initial_release_date": "2026-02-10T21:52:10Z",
"revision_history": [
{
"date": "2026-02-10T21:52:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-bp160.1.1.aarch64",
"product": {
"name": "trivy-0.69.0-bp160.1.1.aarch64",
"product_id": "trivy-0.69.0-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-bp160.1.1.ppc64le",
"product": {
"name": "trivy-0.69.0-bp160.1.1.ppc64le",
"product_id": "trivy-0.69.0-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-bp160.1.1.s390x",
"product": {
"name": "trivy-0.69.0-bp160.1.1.s390x",
"product_id": "trivy-0.69.0-bp160.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-bp160.1.1.x86_64",
"product": {
"name": "trivy-0.69.0-bp160.1.1.x86_64",
"product_id": "trivy-0.69.0-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.aarch64"
},
"product_reference": "trivy-0.69.0-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.ppc64le"
},
"product_reference": "trivy-0.69.0-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.s390x"
},
"product_reference": "trivy-0.69.0-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.x86_64"
},
"product_reference": "trivy-0.69.0-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64702"
}
],
"notes": [
{
"category": "general",
"text": "quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go\u0027s HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an http.Header (used on the http.Request and http.Response, respectively), while only enforcing limits on the size of the (QPACK-compressed) HEADERS frame, but not on the decoded header, leading to memory exhaustion. This issue is fixed in version 0.57.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64702",
"url": "https://www.suse.com/security/cve/CVE-2025-64702"
},
{
"category": "external",
"summary": "SUSE Bug 1255365 for CVE-2025-64702",
"url": "https://bugzilla.suse.com/1255365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-10T21:52:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-64702"
},
{
"cve": "CVE-2025-66564",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66564"
}
],
"notes": [
{
"category": "general",
"text": "Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function\u0027s argument). This vulnerability is fixed in 2.0.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66564",
"url": "https://www.suse.com/security/cve/CVE-2025-66564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-10T21:52:10Z",
"details": "important"
}
],
"title": "CVE-2025-66564"
}
]
}
GHSA-4QG8-FJ49-PXJH
Vulnerability from github – Published: 2025-12-05 18:19 – Updated: 2025-12-05 18:19
VLAI?
Summary
Sigstore Timestamp Authority allocates excessive memory during request parsing
Details
Impact
Excessive memory allocation
Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string.
As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function's argument). Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification)
Patches
Upgrade to v2.0.3.
Workarounds
There are no workarounds with the service itself. If the service is behind a load balancer, configure the load balancer to reject excessively large requests.
Severity ?
7.5 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.2"
},
"package": {
"ecosystem": "Go",
"name": "github.com/sigstore/timestamp-authority"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66564"
],
"database_specific": {
"cwe_ids": [
"CWE-405"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-05T18:19:00Z",
"nvd_published_at": "2025-12-04T23:15:47Z",
"severity": "HIGH"
},
"details": "### Impact\n\n**Excessive memory allocation**\n\nFunction [api.ParseJSONRequest](https://github.com/sigstore/timestamp-authority/blob/26d7d426d3000abdbdf2df34de56bb92246c0365/pkg/api/timestamp.go#L63) currently splits (via a call to [strings.Split](https://pkg.go.dev/strings#Split)) an optionally-provided OID (which is untrusted data) on periods. Similarly, function [api.getContentType](https://github.com/sigstore/timestamp-authority/blob/26d7d426d3000abdbdf2df34de56bb92246c0365/pkg/api/timestamp.go#L114) splits the `Content-Type` header (which is also untrusted data) on an `application` string.\n\nAs a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed `Content-Type` header, a call to `api.ParseJSONRequest` or `api.getContentType` incurs allocations of O(n) bytes (where n stands for the length of the function\u0027s argument). Relevant weakness: [CWE-405: Asymmetric Resource Consumption (Amplification)](https://cwe.mitre.org/data/definitions/405.html)\n\n### Patches\n\nUpgrade to v2.0.3.\n\n### Workarounds\n\nThere are no workarounds with the service itself. If the service is behind a load balancer, configure the load balancer to reject excessively large requests.",
"id": "GHSA-4qg8-fj49-pxjh",
"modified": "2025-12-05T18:19:00Z",
"published": "2025-12-05T18:19:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421"
},
{
"type": "PACKAGE",
"url": "https://github.com/sigstore/timestamp-authority"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Sigstore Timestamp Authority allocates excessive memory during request parsing"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…