All the vulnerabilites related to Red Hat - RHODF-4.15-RHEL-9
cve-2024-0553
Vulnerability from cvelistv5
Published
2024-01-16 11:40
Modified
2024-11-23 00:10
Summary
Gnutls: incomplete fix for cve-2023-5981
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.6.16-8.el8_9.1   < *
    cpe:/o:redhat:enterprise_linux:8::baseos
    cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.6.16-8.el8_9.1   < *
    cpe:/o:redhat:enterprise_linux:8::baseos
    cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:3.6.16-5.el8_6.3   < *
    cpe:/a:redhat:rhel_eus:8.6::appstream
    cpe:/o:redhat:rhel_eus:8.6::baseos
Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:3.6.16-7.el8_8.2   < *
    cpe:/o:redhat:rhel_eus:8.8::baseos
    cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:3.7.6-21.el9_2.2   < *
    cpe:/o:redhat:rhel_eus:9.2::baseos
    cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-37   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-68   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-39   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-58   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-13   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-81   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-79   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-22   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-57   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-6   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-54   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-10   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-26   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-19   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-21   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-103   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:11:35.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
          },
          {
            "name": "RHSA-2024:0533",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0533"
          },
          {
            "name": "RHSA-2024:0627",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0627"
          },
          {
            "name": "RHSA-2024:0796",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0796"
          },
          {
            "name": "RHSA-2024:1082",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1082"
          },
          {
            "name": "RHSA-2024:1108",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1108"
          },
          {
            "name": "RHSA-2024:1383",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1383"
          },
          {
            "name": "RHSA-2024:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2094"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-0553"
          },
          {
            "name": "RHBZ#2258412",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gnutls/gnutls/-/issues/1522"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240202-0011/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gnutls.org/download.html",
          "defaultStatus": "unaffected",
          "packageName": "gnutls",
          "versions": [
            {
              "lessThan": "3.8.3",
              "status": "affected",
              "version": "3.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.16-8.el8_9.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.16-8.el8_9.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.6::appstream",
            "cpe:/o:redhat:rhel_eus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.16-5.el8_6.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.16-7.el8_8.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.6-23.el9_3.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.6-23.el9_3.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.2::baseos",
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.6-21.el9_2.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/cephcsi-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-37",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/mcg-core-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-68",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/mcg-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/mcg-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-39",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-client-console-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-58",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-client-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-client-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-13",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-metrics-exporter-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-81",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-79",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-cli-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-22",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-console-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-57",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-cosi-sidecar-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-csi-addons-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-csi-addons-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-15",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-csi-addons-sidecar-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-15",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-multicluster-console-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-54",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-multicluster-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-multicluster-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-must-gather-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-26",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odr-cluster-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odr-hub-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odr-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-21",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/rook-ceph-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-103",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-22",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch6-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v6.8.1-407",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.0.0-479",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/eventrouter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.4.0-247",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/fluentd-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.1.0-227",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-curator5-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.1-470",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-loki-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v2.9.6-14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-view-plugin-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-24",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/lokistack-gateway-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-525",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/opa-openshift-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-224",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/vector-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.28.1-56",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-01-16T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-23T00:10:16.608Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:0533",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0533"
        },
        {
          "name": "RHSA-2024:0627",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0627"
        },
        {
          "name": "RHSA-2024:0796",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0796"
        },
        {
          "name": "RHSA-2024:1082",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1082"
        },
        {
          "name": "RHSA-2024:1108",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1108"
        },
        {
          "name": "RHSA-2024:1383",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1383"
        },
        {
          "name": "RHSA-2024:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2094"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-0553"
        },
        {
          "name": "RHBZ#2258412",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412"
        },
        {
          "url": "https://gitlab.com/gnutls/gnutls/-/issues/1522"
        },
        {
          "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-15T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-01-16T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Gnutls: incomplete fix for cve-2023-5981",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-1300-\u003eCWE-203: Improper Protection of Physical Side Channels leads to Observable Discrepancy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-0553",
    "datePublished": "2024-01-16T11:40:50.677Z",
    "dateReserved": "2024-01-15T04:35:34.146Z",
    "dateUpdated": "2024-11-23T00:10:16.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-5981
Vulnerability from cvelistv5
Published
2023-11-28 11:49
Modified
2024-11-23 00:09
Summary
Gnutls: timing side-channel in the rsa-psk authentication
References
https://access.redhat.com/errata/RHSA-2024:0155vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0319vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0399vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0451vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0533vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1383vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2094vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5981vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2248445issue-tracking, x_refsource_REDHAT
https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.6.16-8.el8_9   < *
    cpe:/a:redhat:enterprise_linux:8::appstream
    cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:3.6.16-5.el8_6.2   < *
    cpe:/a:redhat:rhel_eus:8.6::appstream
    cpe:/o:redhat:rhel_eus:8.6::baseos
Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:3.6.16-7.el8_8.1   < *
    cpe:/o:redhat:rhel_eus:8.8::baseos
    cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3   < *
    cpe:/o:redhat:enterprise_linux:9::baseos
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3   < *
    cpe:/o:redhat:enterprise_linux:9::baseos
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:3.7.6-21.el9_2.1   < *
    cpe:/a:redhat:rhel_eus:9.2::appstream
    cpe:/o:redhat:rhel_eus:9.2::baseos
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-37   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-68   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-39   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-58   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-13   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-81   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-79   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-22   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-57   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-6   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-54   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-10   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-26   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-19   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-21   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-103   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:14:25.155Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
          },
          {
            "name": "RHSA-2024:0155",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0155"
          },
          {
            "name": "RHSA-2024:0319",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0319"
          },
          {
            "name": "RHSA-2024:0399",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0399"
          },
          {
            "name": "RHSA-2024:0451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0451"
          },
          {
            "name": "RHSA-2024:0533",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0533"
          },
          {
            "name": "RHSA-2024:1383",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1383"
          },
          {
            "name": "RHSA-2024:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2094"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-5981"
          },
          {
            "name": "RHBZ#2248445",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248445"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.16-8.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.16-8.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.6::appstream",
            "cpe:/o:redhat:rhel_eus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.16-5.el8_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.16-7.el8_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.6-23.el9_3.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.6-23.el9_3.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream",
            "cpe:/o:redhat:rhel_eus:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.6-21.el9_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/cephcsi-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-37",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/mcg-core-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-68",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/mcg-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/mcg-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-39",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-client-console-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-58",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-client-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-client-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-13",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-metrics-exporter-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-81",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-79",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-cli-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-22",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-console-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-57",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-cosi-sidecar-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-csi-addons-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-csi-addons-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-15",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-csi-addons-sidecar-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-15",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-multicluster-console-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-54",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-multicluster-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-multicluster-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-must-gather-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-26",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odr-cluster-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odr-hub-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odr-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-21",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/rook-ceph-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-103",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-22",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch6-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v6.8.1-407",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.0.0-479",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/eventrouter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.4.0-247",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/fluentd-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.1.0-227",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-curator5-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.1-470",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-loki-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v2.9.6-14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-view-plugin-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-24",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/lokistack-gateway-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-525",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/opa-openshift-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-224",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/vector-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.28.1-56",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Daiki Ueno (Red Hat)."
        }
      ],
      "datePublic": "2023-11-15T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-23T00:09:08.520Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:0155",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0155"
        },
        {
          "name": "RHSA-2024:0319",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0319"
        },
        {
          "name": "RHSA-2024:0399",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0399"
        },
        {
          "name": "RHSA-2024:0451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0451"
        },
        {
          "name": "RHSA-2024:0533",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0533"
        },
        {
          "name": "RHSA-2024:1383",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1383"
        },
        {
          "name": "RHSA-2024:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2094"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-5981"
        },
        {
          "name": "RHBZ#2248445",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248445"
        },
        {
          "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-11-07T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-11-15T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Gnutls: timing side-channel in the rsa-psk authentication",
      "workarounds": [
        {
          "lang": "en",
          "value": "To address the issue found upgrade to GnuTLS 3.8.2 or later versions."
        }
      ],
      "x_redhatCweChain": "CWE-1300-\u003eCWE-203: Improper Protection of Physical Side Channels leads to Observable Discrepancy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-5981",
    "datePublished": "2023-11-28T11:49:50.138Z",
    "dateReserved": "2023-11-07T08:05:10.875Z",
    "dateUpdated": "2024-11-23T00:09:08.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-0567
Vulnerability from cvelistv5
Published
2024-01-16 14:01
Modified
2024-11-23 00:10
Summary
Gnutls: rejects certificate chain with distributed trust
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:3.7.6-21.el9_2.2   < *
    cpe:/o:redhat:rhel_eus:9.2::baseos
    cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-37   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-68   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-39   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-58   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-13   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-81   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-79   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-22   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-57   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-6   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-54   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-10   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-26   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-19   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-21   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-103   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat OpenShift Container Platform 3.11     cpe:/a:redhat:openshift:3.11
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:11:35.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
          },
          {
            "name": "RHSA-2024:0533",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0533"
          },
          {
            "name": "RHSA-2024:1082",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1082"
          },
          {
            "name": "RHSA-2024:1383",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1383"
          },
          {
            "name": "RHSA-2024:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2094"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-0567"
          },
          {
            "name": "RHBZ#2258544",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258544"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gnutls/gnutls/-/issues/1521"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240202-0011/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.com/gnutls/gnutls",
          "defaultStatus": "unaffected",
          "packageName": "gnutls",
          "versions": [
            {
              "lessThan": "3.8.3",
              "status": "affected",
              "version": "3.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.6-23.el9_3.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.6-23.el9_3.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.2::baseos",
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.6-21.el9_2.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/cephcsi-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-37",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/mcg-core-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-68",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/mcg-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/mcg-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-39",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-client-console-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-58",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-client-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-client-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-13",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-metrics-exporter-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-81",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-79",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-cli-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-22",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-console-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-57",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-cosi-sidecar-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-csi-addons-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-csi-addons-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-15",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-csi-addons-sidecar-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-15",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-multicluster-console-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-54",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-multicluster-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-multicluster-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-must-gather-rhel9",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-26",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odr-cluster-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odr-hub-operator-bundle",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-158",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odr-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-21",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/rook-ceph-rhel9-operator",
          "product": "RHODF-4.15-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-103",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-22",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/cluster-logging-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch6-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v6.8.1-407",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-proxy-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.0.0-479",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/elasticsearch-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/eventrouter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.4.0-247",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/fluentd-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/log-file-metric-exporter-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.1.0-227",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-curator5-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.1-470",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-loki-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v2.9.6-14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/logging-view-plugin-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-operator-bundle",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-24",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/loki-rhel9-operator",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v5.8.6-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/lokistack-gateway-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-525",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/opa-openshift-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.1.0-224",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:logging:5.8::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-logging/vector-rhel9",
          "product": "RHOL-5.8-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v0.28.1-56",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "gnutls",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:3.11"
          ],
          "defaultStatus": "unaffected",
          "packageName": "cockpit",
          "product": "Red Hat OpenShift Container Platform 3.11",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-01-16T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-23T00:10:26.501Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:0533",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0533"
        },
        {
          "name": "RHSA-2024:1082",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1082"
        },
        {
          "name": "RHSA-2024:1383",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1383"
        },
        {
          "name": "RHSA-2024:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2094"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-0567"
        },
        {
          "name": "RHBZ#2258544",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258544"
        },
        {
          "url": "https://gitlab.com/gnutls/gnutls/-/issues/1521"
        },
        {
          "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-16T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-01-16T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Gnutls: rejects certificate chain with distributed trust",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-347: Improper Verification of Cryptographic Signature"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-0567",
    "datePublished": "2024-01-16T14:01:59.178Z",
    "dateReserved": "2024-01-16T04:02:22.392Z",
    "dateUpdated": "2024-11-23T00:10:26.501Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}