rhsa-2025:1468
Vulnerability from csaf_redhat
Published
2025-02-13 18:14
Modified
2025-04-03 18:35
Summary
Red Hat Security Advisory: ACS 4.4 enhancement and security update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security fixes.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of RHACS 4.4.8 includes security fixes. If you are
using an earlier version of RHACS 4.4, you are advised to upgrade to this
patch release 4.4.8.
Security issues fixed:
* npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript (CVE-2024-11831)
* go-git: Argument injection via the URL field (CVE-2025-21613)
* go-git: Go-git clients vulnerable to DoS via maliciously crafted Git server replies (CVE-2025-21614)
* golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (CVE-2024-45337)
* golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security fixes.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of RHACS 4.4.8 includes security fixes. If you are\nusing an earlier version of RHACS 4.4, you are advised to upgrade to this\npatch release 4.4.8.\n\nSecurity issues fixed:\n\n* npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript (CVE-2024-11831)\n\n* go-git: Argument injection via the URL field (CVE-2025-21613)\n\n* go-git: Go-git clients vulnerable to DoS via maliciously crafted Git server replies (CVE-2025-21614)\n\n* golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (CVE-2024-45337)\n\n* golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2025:1468", url: "https://access.redhat.com/errata/RHSA-2025:1468", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html", url: "https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html", }, { category: "external", summary: "2312579", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312579", }, { category: "external", summary: "2331720", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2331720", }, { category: "external", summary: "2333122", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2333122", }, { category: "external", summary: "2335888", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2335888", }, { category: "external", summary: "2335901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2335901", }, { category: "external", summary: "ROX-27933", url: "https://issues.redhat.com/browse/ROX-27933", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1468.json", }, ], title: "Red Hat Security Advisory: ACS 4.4 enhancement and security update", tracking: { current_release_date: "2025-04-03T18:35:57+00:00", generator: { date: "2025-04-03T18:35:57+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2025:1468", initial_release_date: "2025-02-13T18:14:31+00:00", revision_history: [ { date: "2025-02-13T18:14:31+00:00", number: "1", summary: "Initial version", }, { date: "2025-02-13T18:14:31+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-03T18:35:57+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHACS 4.4 for RHEL 8", product: { name: "RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4", product_identification_helper: { cpe: "cpe:/a:redhat:advanced_cluster_security:4.4::el8", }, }, }, ], category: "product_family", name: "Red Hat Advanced Cluster Security for Kubernetes", }, { branches: [ { category: "product_version", name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", product: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", product_id: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", product: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", product_id: "advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", product: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", product_id: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", product: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", product_id: "advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", product: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", product_id: "advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", product: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", product_id: "advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", product: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", product_id: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", product_id: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", product_id: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", product_id: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", product_id: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", product_id: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", product_id: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8&tag=4.4.8-2", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", product: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", product_id: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", product: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", product_id: "advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", product: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", product_id: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", product: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", product_id: "advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", product: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", product_id: "advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", product: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", product_id: "advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", product: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", product_id: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8&tag=4.4.8-2", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", product: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", product_id: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", product: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", product_id: "advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", product: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", product_id: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", product: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", product_id: "advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", product: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", product_id: "advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", product: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", product_id: "advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", product: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", product_id: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", product_id: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", product_id: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", product_id: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", product_id: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", product_id: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8&tag=4.4.8-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", product_id: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8&tag=4.4.8-2", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64 as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", }, product_reference: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", }, product_reference: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64 as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", }, product_reference: "advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", }, product_reference: "advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", }, product_reference: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64 as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", }, product_reference: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64 as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", }, product_reference: "advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", }, product_reference: "advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64 as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", }, product_reference: "advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", }, product_reference: "advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", }, product_reference: "advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64 as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", }, product_reference: "advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", }, product_reference: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64 as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", }, product_reference: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64 as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64 as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64 as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64 as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64 as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64 as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", relates_to_product_reference: "8Base-RHACS-4.4", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le as a component of RHACS 4.4 for RHEL 8", product_id: "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", relates_to_product_reference: "8Base-RHACS-4.4", }, ], }, vulnerabilities: [ { cve: "CVE-2024-11831", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-16T16:43:32.021000+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312579", }, ], notes: [ { category: "description", text: "A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.", title: "Vulnerability description", }, { category: "summary", text: "npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", ], known_not_affected: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-11831", }, { category: "external", summary: "RHBZ#2312579", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312579", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-11831", url: "https://www.cve.org/CVERecord?id=CVE-2024-11831", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-11831", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-11831", }, { category: "external", summary: "https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e", url: "https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e", }, { category: "external", summary: "https://github.com/yahoo/serialize-javascript/pull/173", url: "https://github.com/yahoo/serialize-javascript/pull/173", }, ], release_date: "2024-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-13T18:14:31+00:00", details: "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to this patch release 4.4.8.", product_ids: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1468", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript", }, { cve: "CVE-2024-45337", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2024-12-11T19:00:54.247490+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2331720", }, ], notes: [ { category: "description", text: "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.", title: "Vulnerability description", }, { category: "summary", text: "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application's handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 & 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", ], known_not_affected: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45337", }, { category: "external", summary: "RHBZ#2331720", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2331720", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45337", url: "https://www.cve.org/CVERecord?id=CVE-2024-45337", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", }, { category: "external", summary: "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", url: "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", }, { category: "external", summary: "https://go.dev/cl/635315", url: "https://go.dev/cl/635315", }, { category: "external", summary: "https://go.dev/issue/70779", url: "https://go.dev/issue/70779", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", url: "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-3321", url: "https://pkg.go.dev/vuln/GO-2024-3321", }, ], release_date: "2024-12-11T18:55:58.506000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-13T18:14:31+00:00", details: "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to this patch release 4.4.8.", product_ids: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1468", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto", }, { cve: "CVE-2024-45338", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-12-18T21:00:59.938173+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2333122", }, ], notes: [ { category: "description", text: "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", ], known_not_affected: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45338", }, { category: "external", summary: "RHBZ#2333122", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2333122", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45338", url: "https://www.cve.org/CVERecord?id=CVE-2024-45338", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45338", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45338", }, { category: "external", summary: "https://go.dev/cl/637536", url: "https://go.dev/cl/637536", }, { category: "external", summary: "https://go.dev/issue/70906", url: "https://go.dev/issue/70906", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ", url: "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-3333", url: "https://pkg.go.dev/vuln/GO-2024-3333", }, ], release_date: "2024-12-18T20:38:22.660000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-13T18:14:31+00:00", details: "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to this patch release 4.4.8.", product_ids: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1468", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html", }, { cve: "CVE-2025-21613", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2025-01-06T17:00:41.244449+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2335888", }, ], notes: [ { category: "description", text: "An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport protocol is being used.", title: "Vulnerability description", }, { category: "summary", text: "go-git: argument injection via the URL field", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as an Important severity because an argument injection has been discovered in go-git, where an attackers can manipulate git-upload-pack flags, potentially enabling command or code execution leads to an exposure of sensitive data or other unintended actions, this vulnerability occurs exclusively in configurations using the file transport protocol.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", ], known_not_affected: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2025-21613", }, { category: "external", summary: "RHBZ#2335888", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2335888", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2025-21613", url: "https://www.cve.org/CVERecord?id=CVE-2025-21613", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2025-21613", url: "https://nvd.nist.gov/vuln/detail/CVE-2025-21613", }, { category: "external", summary: "https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m", url: "https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m", }, ], release_date: "2025-01-06T16:13:10.611000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-13T18:14:31+00:00", details: "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to this patch release 4.4.8.", product_ids: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1468", }, { category: "workaround", details: "In cases where it is not possible to update to the latest version of go-git, it is recommended to enforce validation rules for values passed in the URL field.", product_ids: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "go-git: argument injection via the URL field", }, { cve: "CVE-2025-21614", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2025-01-06T17:01:36.743039+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2335901", }, ], notes: [ { category: "description", text: "A denial of service (DoS) vulnerability was found in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients.", title: "Vulnerability description", }, { category: "summary", text: "go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", ], known_not_affected: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2025-21614", }, { category: "external", summary: "RHBZ#2335901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2335901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2025-21614", url: "https://www.cve.org/CVERecord?id=CVE-2025-21614", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2025-21614", url: "https://nvd.nist.gov/vuln/detail/CVE-2025-21614", }, { category: "external", summary: "https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4", url: "https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4", }, ], release_date: "2025-01-06T16:20:16.140000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-13T18:14:31+00:00", details: "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to this patch release 4.4.8.", product_ids: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1468", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:394f4fd42c292ef68abf4a9104fe668026e394c3243ebf9b184d40a4b4b0132e_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:6478816c1b2bdeb40c77c267fff033dca5523375c64623bf56d493c4417a3c3f_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8b92405457c5240a4d672409a7519d28463f2f0e104f441e3d0d0839549c6215_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:39367ad4f4807b804eb6a95d241d99c528995f75d3264b58820cf50fa6abceef_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:a5a1e18726ce755a8f2a36a58928714d61f4426643b7f08da086004982e993ef_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd132ae4b02647d5b0f0a910539c75efb3e0795590df00056542e969605ae296_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:357fa537a29f82ca117b8ed4695456707bd9599c5057ed938a91114e94badf62_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:62ddbd8b9e0b27be7a0541c7fe085b621834facff7d83d4a2e57b56ef6c713a2_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:94b445cbaef0111d98a0ee595988ef420423aa381b36e7127e76e385be12996a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:0e867de15e3038db7274dc1d84cd8ca5b1860b661c8b16ecd8f7aeefa76077a8_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:1aedb2f4b2aefa9586c8aecfff4647497f7a36fc6a547d6688645d87e90413f4_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:92f98ca560ce539495108e6212737ea6cf83215fe0a5aa7a12636ee9d5fca88f_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:123c0108bd7a190dd2accfd21786600f787147f040e57fb5f840861e2caa441d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:6f81e9b903594b0a8bd5517900f7677e09c942953d257c87da11fb779e0f9dab_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:8c199930239623166973ea9cdb40ce2e2537d63e8c731afca3892caa84d2f16a_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f74522967f06958e385468a31e14bb9ede90569dec8292d61e67c6640c1ebde_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:38b340062dea9adc1159a326d39a214541e259e9e16582ef98efcd8e6deb3dd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:609205741b369f72807fcec1fd3351d56e4605fdbbee37975fad8c01a5ea0339_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1ab2b5e9423a2edd5f663cdbf4c15dd6a5c13db13125161f4b4a9916d3c523e2_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1e37a386006e4a7b4414dcdbe6a42191b8f41e706e1df6dfe401cbdbe342f06a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b0f32d062678d69350a3a1a18b643c8b97ebfdbd0bea1c0ee67312312d02fcba_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:439fc3b91a4841c81355ecbb5c610c66139525df82bdb96a4ece4ffd20aca0a5_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7108fcc2c26b8e735231d9bad43febbc2ccc15723b15d3bf9ba643f950f75857_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:7c4fa13ab624b17711df308a9434e529b49b259fe9c6bde4b4e9037ae45996d6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62df44281133dd4191848bfb861ba70eeb113b2bc0ce28c71b82524860421bed_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:844cef84fb29ee2996c284c6d517a645d4b14862c17021bd1b0052515cd364df_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fc974b15c869a26e0ae259a39ce0ed1f1954630557c31465561eeee67bfc2797_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:08c488f99ef1c837418842db1c8e52391a55f5f61a1de98edbbe3a201070168a_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:20a368484142ce585e3a49a402bab10b2045ba2d89711154ae80457c01881a4c_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f252a2c2eaa0a4807e39df8e5fe89a8b66e8ef62a9303a144b765c4857b17e51_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:17a5ed5cea7a0b355ea13e6a95218143c351e34cee1ba0188a14c28f9605e504_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1d00cc8be3101e0a0a901249545566689d1de5554f5101b8fcbb6fa1827d508b_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d001fb8afaf083ac3b02ab7571a709183931ef37baa75908556081480ee395dc_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1ad40dd05581bffe04db700b8b4fbfbe8112399f2bef70b69dd690458b6512ed_ppc64le", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:224bfa6af3a2a9b15657ee0adc0233608bb7a2218f9a488b537e3af4c53acacf_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f2cf132ddd130c3de1e3732f35fdade709c17e8a2775df5ab47cf7583db82fd6_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9ae99a357ee1f9e42942edc998b378960d1a4a6bd9630b802f86743965f36898_s390x", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:bcc9fd4d95422283c8d6016e1f85cd4522f43c0504cadf6aec40b9c30f2d945d_amd64", "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c9713eae9be9f99e9e7382ace5f520f96f641c50d8aed1c64a0f6a0ba9ed5395_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies", }, ], }
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.