RHSA-2026:3718
Vulnerability from csaf_redhat - Published: 2026-03-04 07:52 - Updated: 2026-03-16 12:43
Summary
Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.15.4
Notes
Topic
The 1.15.4 GA release of Red Hat OpenShift Pipelines Operator.
For more details see [product documentation](https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines).
Details
The 1.15.4 release of Red Hat OpenShift Pipelines Operator.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.15.4 GA release of Red Hat OpenShift Pipelines Operator.\nFor more details see [product documentation](https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines).",
"title": "Topic"
},
{
"category": "general",
"text": "The 1.15.4 release of Red Hat OpenShift Pipelines Operator.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3718",
"url": "https://access.redhat.com/errata/RHSA-2026:3718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-24790",
"url": "https://access.redhat.com/security/cve/CVE-2024-24790"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-27144",
"url": "https://access.redhat.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-30204",
"url": "https://access.redhat.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3718.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.15.4",
"tracking": {
"current_release_date": "2026-03-16T12:43:39+00:00",
"generator": {
"date": "2026-03-16T12:43:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:3718",
"initial_release_date": "2026-03-04T07:52:57+00:00",
"revision_history": [
{
"date": "2026-03-04T07:52:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-04T07:53:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-16T12:43:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Pipelines 1.15",
"product": {
"name": "Red Hat OpenShift Pipelines 1.15",
"product_id": "Red Hat OpenShift Pipelines 1.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_pipelines:1.15::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Pipelines"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel8@sha256%3Aeea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1772093739"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel8@sha256%3Ad968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1772609258"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel8@sha256%3A1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1772093739"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel8@sha256%3A0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1772609258"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel8@sha256%3A6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1772093739"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel8@sha256%3Ac179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1772609258"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel8@sha256%3A26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1772093739"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"product": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"product_id": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel8@sha256%3Ac9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines\u0026tag=1772609258"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le as a component of Red Hat OpenShift Pipelines 1.15",
"product_id": "Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x as a component of Red Hat OpenShift Pipelines 1.15",
"product_id": "Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64 as a component of Red Hat OpenShift Pipelines 1.15",
"product_id": "Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64 as a component of Red Hat OpenShift Pipelines 1.15",
"product_id": "Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le as a component of Red Hat OpenShift Pipelines 1.15",
"product_id": "Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64 as a component of Red Hat OpenShift Pipelines 1.15",
"product_id": "Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x as a component of Red Hat OpenShift Pipelines 1.15",
"product_id": "Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64 as a component of Red Hat OpenShift Pipelines 1.15",
"product_id": "Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
},
"product_reference": "registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24790",
"cwe": {
"id": "CWE-115",
"name": "Misinterpretation of Input"
},
"discovery_date": "2024-06-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2292787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go language standard library net/netip. The Is*() methods (IsPrivate(), IsPublic(), etc.) do not behave as expected when working with IPv4-mapped IPv6 addresses. This unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE has been rated Moderate for Red Hat products because a network-based attack vector is not possible for the affected Go code in our products. In addition, per the flaw analysis published by the Go project, the issue affects only integrity and confidentiality and has no impact on availability; the CVSS vector has been set accordingly.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24790"
},
{
"category": "external",
"summary": "RHBZ#2292787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24790"
}
],
"release_date": "2024-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-04T07:52:57+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3718"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-04T07:52:57+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3718"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-04T07:52:57+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3718"
},
{
"category": "workaround",
"details": "This flaw can be mitigated, when using the client, by connecting only to trusted servers.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-27144",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-24T23:00:42.448432+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2347423"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. This issue could be exploited by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-jose: Go JOSE\u0027s Parsing Vulnerable to Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "RHBZ#2347423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27144"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22",
"url": "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/releases/tag/v4.0.5",
"url": "https://github.com/go-jose/go-jose/releases/tag/v4.0.5"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78"
}
],
"release_date": "2025-02-24T22:22:22.863000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-04T07:52:57+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3718"
},
{
"category": "workaround",
"details": "As a workaround, applications can pre-validate that payloads being passed to Go JOSE do not contain an excessive number of `.` characters.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go-jose: Go JOSE\u0027s Parsing Vulnerable to Denial of Service"
},
{
"cve": "CVE-2025-30204",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-03-21T22:00:43.818367+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2354195"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "RHBZ#2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3",
"url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp",
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3553",
"url": "https://pkg.go.dev/vuln/GO-2025-3553"
}
],
"release_date": "2025-03-21T21:42:01.382000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-04T07:52:57+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3718"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c179dbd8fe4a59f4a0db841f71273fc2b25f039c1f394fc28d8fe9ae233457bb_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:c9ed680f83130eac3e4d0567a91b3baf98de55a81eee8635ac2cc6369743bb5a_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:d968fd24bce22668f30a07456f7dd60452f33b10931ac8bba170d87bc69486a0_arm64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:1cb101c47928262aaffca1666428c45db5c44b4e43b7cb9b77f6339ffe23c6e9_ppc64le",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:26cfa3764e6cbfefda7aa9c2c66aaf89ca4ec3443f6f26c8a060a01f44c5b62d_amd64",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6c84b926c8c564decc5766bd0353ce5bb20ee60efb7861d2e9ce1d0180d2c098_s390x",
"Red Hat OpenShift Pipelines 1.15:registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:eea4eb420ed55b0b96728cbf0f9ae56578f86e699fd5071da7df5b1b5a8b842c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
}
]
}