Vulnerability-Lookup

RHSA-2025:9340

Vulnerability from csaf_redhat - Published: 2025-06-23 02:17 - Updated: 2026-01-22 03:03

Summary

Red Hat Security Advisory: Updated 7.1 container image is now available in the Red Hat Ecosystem Catalog.

Notes

Topic

A new rhceph-7.1 container image is now available in the Red Hat Ecosystem Catalog.

Details

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. This new container image is based on Red Hat Ceph Storage 7.1 and Red Hat Enterprise Linux 8.10, 9.4, 9.5. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes: https://docs.redhat.com/en/documentation/red_hat_ceph_storage/7/html/7.1_release_notes All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous bug fixes.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new rhceph-7.1 container image is now available in the Red Hat Ecosystem\nCatalog.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. \n \nThis new container image is based on Red Hat Ceph Storage 7.1 and Red Hat Enterprise Linux 8.10, 9.4, 9.5.\n \nSpace precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:\n\nhttps://docs.redhat.com/en/documentation/red_hat_ceph_storage/7/html/7.1_release_notes\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous bug fixes.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:9340",
        "url": "https://access.redhat.com/errata/RHSA-2025:9340"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2262352",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262352"
      },
      {
        "category": "external",
        "summary": "2279451",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279451"
      },
      {
        "category": "external",
        "summary": "2333122",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9340.json"
      }
    ],
    "title": "Red Hat Security Advisory: Updated 7.1 container image is now available in the Red Hat Ecosystem Catalog.",
    "tracking": {
      "current_release_date": "2026-01-22T03:03:00+00:00",
      "generator": {
        "date": "2026-01-22T03:03:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.15"
        }
      },
      "id": "RHSA-2025:9340",
      "initial_release_date": "2025-06-23T02:17:34+00:00",
      "revision_history": [
        {
          "date": "2025-06-23T02:17:34+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-06-23T02:17:34+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-22T03:03:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Ceph Storage 7.1 Tools",
                "product": {
                  "name": "Red Hat Ceph Storage 7.1 Tools",
                  "product_id": "9Base-RHCEPH-7.1-Tools",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ceph_storage:7.1::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Ceph Storage"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64",
                "product": {
                  "name": "rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64",
                  "product_id": "rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.5.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64",
                "product": {
                  "name": "rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64",
                  "product_id": "rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64",
                "product": {
                  "name": "rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64",
                  "product_id": "rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-33"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64",
                "product": {
                  "name": "rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64",
                  "product_id": "rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-7-rhel9\u0026tag=7-529"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64",
                "product": {
                  "name": "rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64",
                  "product_id": "rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64",
                "product": {
                  "name": "rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64",
                  "product_id": "rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-114"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x",
                "product": {
                  "name": "rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x",
                  "product_id": "rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.5.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x",
                "product": {
                  "name": "rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x",
                  "product_id": "rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x",
                "product": {
                  "name": "rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x",
                  "product_id": "rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-33"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x",
                "product": {
                  "name": "rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x",
                  "product_id": "rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-7-rhel9\u0026tag=7-529"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x",
                "product": {
                  "name": "rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x",
                  "product_id": "rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x",
                "product": {
                  "name": "rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x",
                  "product_id": "rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-114"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le",
                "product": {
                  "name": "rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le",
                  "product_id": "rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.5.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le",
                "product": {
                  "name": "rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le",
                  "product_id": "rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le",
                "product": {
                  "name": "rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le",
                  "product_id": "rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-33"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le",
                "product": {
                  "name": "rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le",
                  "product_id": "rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-7-rhel9\u0026tag=7-529"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le",
                "product": {
                  "name": "rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le",
                  "product_id": "rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le",
                "product": {
                  "name": "rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le",
                  "product_id": "rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-114"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le"
        },
        "product_reference": "rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x"
        },
        "product_reference": "rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64"
        },
        "product_reference": "rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le"
        },
        "product_reference": "rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x"
        },
        "product_reference": "rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64"
        },
        "product_reference": "rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le"
        },
        "product_reference": "rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x"
        },
        "product_reference": "rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64"
        },
        "product_reference": "rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x"
        },
        "product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64"
        },
        "product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le"
        },
        "product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x"
        },
        "product_reference": "rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64"
        },
        "product_reference": "rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le"
        },
        "product_reference": "rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le"
        },
        "product_reference": "rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64"
        },
        "product_reference": "rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
          "product_id": "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x"
        },
        "product_reference": "rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x",
        "relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-24557",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "discovery_date": "2024-02-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2262352"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in github.com/moby/moby. The classic builder cache system in moby is vulnerable to cache poisoning if the image is built using a \u0027FROM scratch\u0027 in Dockerfile. This flaw allows an attacker who has knowledge of the Dockerfile to create a malicious cache that would be pulled and considered a valid cache candidate for some build steps.\r\nThis only affects one if using DOCKER_BUILDKIT=0 or using the /build API endpoint.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "moby: classic builder cache poisoning",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates this as a Moderate impact since attack complexity is quite high. There are multiple conditions which are required: dockerfile is configured to use a non-default setting, attacker must be aware of this information, and they must have the ability to craft a malicious cache.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x",
          "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x",
          "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-24557"
        },
        {
          "category": "external",
          "summary": "RHBZ#2262352",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262352"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24557",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557"
        },
        {
          "category": "external",
          "summary": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc",
          "url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"
        }
      ],
      "release_date": "2024-02-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-23T02:17:34+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
          "product_ids": [
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:9340"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "moby: classic builder cache poisoning"
    },
    {
      "cve": "CVE-2024-34069",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "discovery_date": "2024-05-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2279451"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer\u0027s machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer\u0027s application that will trigger the debugger.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-werkzeug: user may execute code on a developer\u0027s machine",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Werkzeug\u0027s debugger allows an attacker to potentially execute code on a developer\u0027s machine. This can occur if the attacker tricks the developer into interacting with a controlled domain and subdomain and entering the debugger PIN. Although the debugger is meant to run locally, successful exploitation can give the attacker access to it by guessing a specific URL that triggers the debugger. The severity is rate as IMPORTANT because this flaw can potentially impacts confidentiality, integrity, and availability if the attacker can gain control.\n\nCeph uses an affected Werkzeug version but this vulnerability does not impact OpenShift Data Foundation (ODF) because the debugger is not set up or used on development machines, so there is no debugger to have information taken from.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x",
          "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x",
          "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-34069"
        },
        {
          "category": "external",
          "summary": "RHBZ#2279451",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279451"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34069",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34069",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34069"
        },
        {
          "category": "external",
          "summary": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692",
          "url": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692"
        },
        {
          "category": "external",
          "summary": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985",
          "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985"
        }
      ],
      "release_date": "2024-05-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-23T02:17:34+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
          "product_ids": [
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:9340"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "python-werkzeug: user may execute code on a developer\u0027s machine"
    },
    {
      "cve": "CVE-2024-45338",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2024-12-18T21:00:59.938173+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2333122"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x",
          "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x",
          "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le",
          "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64",
          "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-45338"
        },
        {
          "category": "external",
          "summary": "RHBZ#2333122",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/637536",
          "url": "https://go.dev/cl/637536"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/70906",
          "url": "https://go.dev/issue/70906"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
          "url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2024-3333",
          "url": "https://pkg.go.dev/vuln/GO-2024-3333"
        }
      ],
      "release_date": "2024-12-18T20:38:22.660000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-23T02:17:34+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
          "product_ids": [
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:9340"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:e6986670487df0bed88d84cbe6cbb24d218c61b4053da2fe49128d177e818e02_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:e3ed9f78bf775b09845e149d59d4b7e242c8bac06b80a8efa8b1f0cbc0c01ba5_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:3f5c68affed330d147e09ac2431f30cb018ac5041900af313fd606890c17e5bd_ppc64le",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64",
            "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
    }
  ]
}

CVE-2024-45338 (GCVE-0-2024-45338)

Vulnerability from cvelistv5 – Published: 2024-12-18 20:38 – Updated: 2025-02-21 18:03

Title

Non-linear parsing of case-insensitive content in golang.org/x/net/html

Summary

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-405 - Asymmetric Resource Consumption (Amplification)

Assigner

References

URL

Tags

	https://go.dev/cl/637536
	https://go.dev/issue/70906
	https://groups.google.com/g/golang-announce/c/wSC…
	https://pkg.go.dev/vuln/GO-2024-3333

Impacted products

	Vendor	Product	Version
	golang.org/x/net	golang.org/x/net/html	Affected: 0 , < 0.33.0 (semver)

Credits

Guido Vranken

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45338",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-31T19:51:42.228627Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1333",
                "description": "CWE-1333 Inefficient Regular Expression Complexity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-31T19:55:04.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-21T18:03:32.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250221-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "parseDoctype"
            },
            {
              "name": "htmlIntegrationPoint"
            },
            {
              "name": "inTableIM"
            },
            {
              "name": "inBodyIM"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.33.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Guido Vranken"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-18T20:38:22.660Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/637536"
        },
        {
          "url": "https://go.dev/issue/70906"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2024-3333"
        }
      ],
      "title": "Non-linear parsing of case-insensitive content in golang.org/x/net/html"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2024-45338",
    "datePublished": "2024-12-18T20:38:22.660Z",
    "dateReserved": "2024-08-27T19:41:58.555Z",
    "dateUpdated": "2025-02-21T18:03:32.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-24557 (GCVE-0-2024-24557)

Vulnerability from cvelistv5 – Published: 2024-02-01 16:26 – Updated: 2025-05-15 15:27

Title

Moby classic builder cache poisoning

Summary

Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.

Severity ?

6.9 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

CWE

CWE-346 - Origin Validation Error
CWE-345 - Insufficient Verification of Data Authenticity

Assigner

GitHub_M

References

URL

Tags

	https://github.com/moby/moby/security/advisories/…	x_refsource_CONFIRM
	https://github.com/moby/moby/commit/3e230cfdcc989…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	moby	moby	Affected: >= 25.0.0, < 25.0.2 Affected: < 24.0.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:19:52.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"
          },
          {
            "name": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-24557",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T15:20:50.514908Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T15:27:27.082Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "moby",
          "vendor": "moby",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 25.0.0, \u003c 25.0.2"
            },
            {
              "status": "affected",
              "version": " \u003c 24.0.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "CWE-346: Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345: Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-01T17:38:40.747Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"
        },
        {
          "name": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae"
        }
      ],
      "source": {
        "advisory": "GHSA-xw73-rw38-6vjc",
        "discovery": "UNKNOWN"
      },
      "title": "Moby classic builder cache poisoning"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-24557",
    "datePublished": "2024-02-01T16:26:29.685Z",
    "dateReserved": "2024-01-25T15:09:40.208Z",
    "dateUpdated": "2025-05-15T15:27:27.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34069 (GCVE-0-2024-34069)

Vulnerability from cvelistv5 – Published: 2024-05-06 14:44 – Updated: 2025-02-21 18:03

Title

Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution

Summary

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

GitHub_M

References

URL

Tags

	https://github.com/pallets/werkzeug/security/advi…	x_refsource_CONFIRM
	https://github.com/pallets/werkzeug/commit/338639…	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.fedoraproject.org/archives/list/pac…
	https://security.netapp.com/advisory/ntap-2024061…

Impacted products

	Vendor	Product	Version
	pallets	werkzeug	Affected: < 3.0.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "werkzeug",
            "vendor": "palletsprojects",
            "versions": [
              {
                "lessThan": "3.0.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34069",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T19:54:35.623303Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T19:56:20.233Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-21T18:03:28.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985"
          },
          {
            "name": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240614-0004/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00026.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "werkzeug",
          "vendor": "pallets",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer\u0027s machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer\u0027s application that will trigger the debugger. This vulnerability is fixed in 3.0.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-14T13:06:15.610Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985"
        },
        {
          "name": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240614-0004/"
        }
      ],
      "source": {
        "advisory": "GHSA-2g68-c3qc-8985",
        "discovery": "UNKNOWN"
      },
      "title": "Werkzeug\u0027s improper usage of a pathname and improper CSRF protection results in the remote command execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-34069",
    "datePublished": "2024-05-06T14:44:38.780Z",
    "dateReserved": "2024-04-30T06:56:33.381Z",
    "dateUpdated": "2025-02-21T18:03:28.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2025:9340

CVE-2024-45338 (GCVE-0-2024-45338)

CVE-2024-24557 (GCVE-0-2024-24557)

CVE-2024-34069 (GCVE-0-2024-34069)

Tags

Sightings

Nomenclature