All the vulnerabilites related to Red Hat - Red Hat Satellite 6
cve-2024-6861
Vulnerability from cvelistv5
Published
2024-11-06 14:54
Modified
2024-11-22 20:35
Summary
Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api
Impacted products
Vendor Product Version
Red Hat Red Hat Satellite 6.12 for RHEL 8 Unaffected: 0:3.3.0.17-1.el8sat   < *
    cpe:/a:redhat:satellite_maintenance:6.12::el8
    cpe:/a:redhat:satellite:6.12::el8
    cpe:/a:redhat:satellite_utils:6.12::el8
    cpe:/a:redhat:satellite_capsule:6.12::el8
Red Hat Red Hat Satellite 6.12 for RHEL 8 Unaffected: 0:3.3.0.17-1.el8sat   < *
    cpe:/a:redhat:satellite_maintenance:6.12::el8
    cpe:/a:redhat:satellite:6.12::el8
    cpe:/a:redhat:satellite_utils:6.12::el8
    cpe:/a:redhat:satellite_capsule:6.12::el8
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6861",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-06T16:16:00.977132Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T16:16:15.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://theforeman.org/",
          "defaultStatus": "unaffected",
          "packageName": "foreman",
          "versions": [
            {
              "lessThan": "3.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_maintenance:6.12::el8",
            "cpe:/a:redhat:satellite:6.12::el8",
            "cpe:/a:redhat:satellite_utils:6.12::el8",
            "cpe:/a:redhat:satellite_capsule:6.12::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.12 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.0.17-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_maintenance:6.12::el8",
            "cpe:/a:redhat:satellite:6.12::el8",
            "cpe:/a:redhat:satellite_utils:6.12::el8",
            "cpe:/a:redhat:satellite_capsule:6.12::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.12 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.0.17-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "satellite-capsule:el8/foreman",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "satellite:el8/foreman",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "satellite-utils:el8/foreman",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank S\u00e9bastien Vecten for reporting this issue."
        }
      ],
      "datePublic": "2024-10-09T00:42:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product\u0027s API."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-22T20:35:05.562Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2022:8506",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2022:8506"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-6861"
        },
        {
          "name": "RHBZ#2317450",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317450"
        },
        {
          "url": "https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2"
        },
        {
          "url": "https://projects.theforeman.org/issues/34328"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-04T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-10-09T00:42:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue the GraphQL introspection feature must be disabled or the GraphQL API be disabled entirely.\n\nMalicious requests can also be filtered using a reverse proxy or directly in the web server configuration."
        }
      ],
      "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-6861",
    "datePublished": "2024-11-06T14:54:51.099Z",
    "dateReserved": "2024-07-17T20:36:00.703Z",
    "dateUpdated": "2024-11-22T20:35:05.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-1932
Vulnerability from cvelistv5
Published
2024-11-07 10:00
Modified
2024-11-07 14:09
Summary
Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss
References
https://access.redhat.com/security/cve/CVE-2023-1932vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1809444issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Cryostat 2     cpe:/a:redhat:cryostat:2
Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7
Red Hat Red Hat A-MQ Online     cpe:/a:redhat:amq_online:1
Red Hat Red Hat BPM Suite 6     cpe:/a:redhat:jboss_enterprise_bpms_platform:6
Red Hat Red Hat CodeReady Studio 12     cpe:/a:redhat:jboss_developer_studio:12.
Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
Red Hat Red Hat Decision Manager 7     cpe:/a:redhat:jboss_enterprise_brms_platform:7
Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
Red Hat Red Hat JBoss BRMS 5     cpe:/a:redhat:jboss_enterprise_brms_platform:5
Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
Red Hat Red Hat JBoss Data Virtualization 6     cpe:/a:redhat:jboss_data_virtualization:6
Red Hat Red Hat JBoss Enterprise Application Platform 5     cpe:/a:redhat:jboss_enterprise_application_platform:5
Red Hat Red Hat JBoss Enterprise Application Platform 6     cpe:/a:redhat:jboss_enterprise_application_platform:6
Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
Red Hat Red Hat JBoss Enterprise Application Platform Continuous Delivery     cpe:/a:redhat:jboss_enterprise_application_platform_cd
Red Hat Red Hat JBoss Fuse 6     cpe:/a:redhat:jboss_fuse:6
Red Hat Red Hat JBoss Fuse Service Works 6     cpe:/a:redhat:jboss_fuse_service_works:6
Red Hat Red Hat JBoss Operations Network 3     cpe:/a:redhat:jboss_operations_network:3
Red Hat Red Hat JBoss SOA Platform 5     cpe:/a:redhat:jboss_enterprise_soa_platform:5
Red Hat Red Hat OpenStack Platform 10 (Newton)     cpe:/a:redhat:openstack:10
Red Hat Red Hat OpenStack Platform 13 (Queens)     cpe:/a:redhat:openstack:13
Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
Red Hat Red Hat support for Spring Boot     cpe:/a:redhat:openshift_application_runtimes:1.0
Red Hat streams for Apache Kafka     cpe:/a:redhat:amq_streams:1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1932",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T14:09:13.280925Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T14:09:26.936Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:a_mq_clients:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.apache.logging.log4j-log4j",
          "product": "A-MQ Clients 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:cryostat:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "hibernate-validator",
          "product": "Cryostat 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:amq_broker:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "hibernate-validator",
          "product": "Red Hat AMQ Broker 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:amq_online:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "io.enmasse-enmasse",
          "product": "Red Hat A-MQ Online",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "hibernate-validator",
          "product": "Red Hat BPM Suite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_developer_studio:12."
          ],
          "defaultStatus": "affected",
          "packageName": "hibernate-validator",
          "product": "Red Hat CodeReady Studio 12",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "hibernate-validator",
          "product": "Red Hat Data Grid 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "hibernate-validator",
          "product": "Red Hat Decision Manager 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "hibernate-validator",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_brms_platform:5"
          ],
          "defaultStatus": "unknown",
          "packageName": "hibernate-validator",
          "product": "Red Hat JBoss BRMS 5",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "hibernate-validator",
          "product": "Red Hat JBoss Data Grid 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_data_virtualization:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "hibernate-validator",
          "product": "Red Hat JBoss Data Virtualization 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:5"
          ],
          "defaultStatus": "unknown",
          "packageName": "hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 5",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7"
          ],
          "defaultStatus": "affected",
          "packageName": "hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_cd"
          ],
          "defaultStatus": "affected",
          "packageName": "hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform Continuous Delivery",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "hibernate-validator",
          "product": "Red Hat JBoss Fuse 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse_service_works:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "hibernate-validator",
          "product": "Red Hat JBoss Fuse Service Works 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_operations_network:3"
          ],
          "defaultStatus": "unknown",
          "packageName": "hibernate-validator",
          "product": "Red Hat JBoss Operations Network 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_soa_platform:5"
          ],
          "defaultStatus": "unknown",
          "packageName": "hibernate-validator",
          "product": "Red Hat JBoss SOA Platform 5",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:10"
          ],
          "defaultStatus": "unknown",
          "packageName": "opendaylight",
          "product": "Red Hat OpenStack Platform 10 (Newton)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:13"
          ],
          "defaultStatus": "affected",
          "packageName": "opendaylight",
          "product": "Red Hat OpenStack Platform 13 (Queens)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "hibernate-validator",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "affected",
          "packageName": "candlepin",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "affected",
          "packageName": "hibernate-validator",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_application_runtimes:1.0"
          ],
          "defaultStatus": "unknown",
          "packageName": "hibernate-validator",
          "product": "Red Hat support for Spring Boot",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:amq_streams:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "hibernate-validator",
          "product": "streams for Apache Kafka",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Christian Kistner (SySS GmbH) and Moritz Bechler (SySS GmbH) for reporting this issue."
        }
      ],
      "datePublic": "2024-02-07T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in hibernate-validator\u0027s \u0027isValid\u0027 method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-07T10:00:51.745Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-1932"
        },
        {
          "name": "RHBZ#1809444",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809444"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2020-02-27T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-02-07T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-1932",
    "datePublished": "2024-11-07T10:00:51.745Z",
    "dateReserved": "2023-04-06T20:10:01.569Z",
    "dateUpdated": "2024-11-07T14:09:26.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0462
Vulnerability from cvelistv5
Published
2023-09-20 13:40
Modified
2024-09-24 15:05
Summary
Arbitrary code execution through yaml global parameters
References
https://access.redhat.com/security/cve/CVE-2023-0462vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2162970issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:10:56.254Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-0462"
          },
          {
            "name": "RHBZ#2162970",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162970"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0462",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T15:05:13.957096Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T15:05:20.612Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "foreman",
          "vendor": "n/a"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue."
        }
      ],
      "datePublic": "2023-03-21T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-20T13:40:43.213Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-0462"
        },
        {
          "name": "RHBZ#2162970",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162970"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2022-12-21T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-03-21T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Arbitrary code execution through yaml global parameters",
      "x_redhatCweChain": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-0462",
    "datePublished": "2023-09-20T13:40:43.213Z",
    "dateReserved": "2023-01-24T12:05:40.039Z",
    "dateUpdated": "2024-09-24T15:05:20.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-3716
Vulnerability from cvelistv5
Published
2024-06-05 15:05
Modified
2024-09-25 14:15
Summary
Foreman-installer: candlepin database password being leaked to local users via the process list
References
https://access.redhat.com/security/cve/CVE-2024-3716vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2274755issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3716",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-05T17:22:37.658677Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-05T17:22:47.779Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:20:00.926Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-3716"
          },
          {
            "name": "RHBZ#2274755",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274755"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/theforeman/foreman-installer",
          "defaultStatus": "affected",
          "packageName": "foreman-installer"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-06-05T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-25T14:15:16.773Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-3716"
        },
        {
          "name": "RHBZ#2274755",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274755"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-03-25T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-06-05T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Foreman-installer: candlepin database password being leaked to local users via the process list",
      "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-3716",
    "datePublished": "2024-06-05T15:05:37.869Z",
    "dateReserved": "2024-04-12T16:25:23.621Z",
    "dateUpdated": "2024-09-25T14:15:16.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7143
Vulnerability from cvelistv5
Published
2024-08-07 16:49
Modified
2024-11-24 19:15
Summary
Pulpcore: rbac permissions incorrectly assigned in tasks that create objects
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 1.2     cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
Red Hat Red Hat Ansible Automation Platform 1.2     cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
Red Hat Red Hat Ansible Automation Platform 1.2     cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Red Hat Red Hat Update Infrastructure 4 for Cloud Providers     cpe:/a:redhat:rhui:4::el8
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7143",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T17:28:33.839214Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:28:52.787Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-10T22:53:16.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://github.com/pulp/pulpcore/blob/main/CHANGES.md"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "automation-controller",
          "product": "Red Hat Ansible Automation Platform 1.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python3x-urllib3",
          "product": "Red Hat Ansible Automation Platform 1.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-urllib3",
          "product": "Red Hat Ansible Automation Platform 1.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "receptor",
          "product": "Red Hat Ansible Automation Platform 1.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "automation-controller",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python3x-django",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python3x-pulpcore",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python3x-urllib3",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-django",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-pulpcore",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-urllib3",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "receptor",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "python3x-pulpcore",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "python-pulpcore",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-pulpcore",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhui:4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-pulpcore",
          "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-08-07T13:50:03.893000+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn\u0027t dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-277",
              "description": "Insecure Inherited Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-24T19:15:39.083Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6765",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6765"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7143"
        },
        {
          "name": "RHBZ#2300125",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300125"
        },
        {
          "url": "https://github.com/pulp/pulpcore/blob/93f241f34c503da0fbac94bdba739feda2636e12/pulpcore/tasking/_util.py#L108"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-26T19:01:06+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-08-07T13:50:03.893000+00:00",
          "value": "Made public."
        }
      ],
      "title": "Pulpcore: rbac permissions incorrectly assigned in tasks that create objects",
      "x_redhatCweChain": "CWE-277: Insecure Inherited Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7143",
    "datePublished": "2024-08-07T16:49:29.842Z",
    "dateReserved": "2024-07-26T18:48:08.747Z",
    "dateUpdated": "2024-11-24T19:15:39.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-50782
Vulnerability from cvelistv5
Published
2024-02-05 20:45
Modified
2024-11-25 10:24
Summary
Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659
References
https://access.redhat.com/security/cve/CVE-2023-50782vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2254432issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Red Hat Red Hat Update Infrastructure 4 for Cloud Providers     cpe:/a:redhat:rhui:4::el8
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:23:43.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
          },
          {
            "name": "RHBZ#2254432",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.couchbase.com/alerts/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/pyca/cryptography",
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "versions": [
            {
              "lessThan": "42.0.0",
              "status": "affected",
              "version": "3.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "python-cryptography",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "python39:3.9/python-cryptography",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-cryptography",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "python-cryptography",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhui:4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-cryptography",
          "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Hubert Kario (Red Hat)."
        }
      ],
      "datePublic": "2023-12-13T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-208",
              "description": "Observable Timing Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-25T10:24:46.647Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
        },
        {
          "name": "RHBZ#2254432",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-13T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-12-13T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-327-\u003eCWE-385-\u003eCWE-208: Use of a Broken or Risky Cryptographic Algorithm leads to Covert Timing Channel leads to Observable Timing Discrepancy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-50782",
    "datePublished": "2024-02-05T20:45:49.705Z",
    "dateReserved": "2023-12-13T20:44:02.023Z",
    "dateUpdated": "2024-11-25T10:24:46.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9355
Vulnerability from cvelistv5
Published
2024-10-01 18:17
Modified
2024-12-10 16:10
Summary
Golang-fips: golang fips zeroed buffer
References
https://access.redhat.com/errata/RHSA-2024:10133vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:7502vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:7550vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8327vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8678vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8847vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9551vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-9355vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2315719issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020241001112709.a3795dee   < *
    cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:9.2.10-20.el8_10   < *
    cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:5.1.1-9.el8_10   < *
    cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.21.13-4.el9_4   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:9.2.10-19.el9_4   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:5.1.1-4.el9_4   < *
    cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat NBDE Tang Server     cpe:/a:redhat:network_bound_disk_encryption_tang:1
Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
Red Hat Red Hat Ansible Automation Platform 1.2     cpe:/a:redhat:ansible_automation_platform
Red Hat Red Hat Ansible Automation Platform 1.2     cpe:/a:redhat:ansible_automation_platform
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat Openshift Container Storage 4     cpe:/a:redhat:openshift_container_storage:4
Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3:
Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
Red Hat Red Hat OpenShift on AWS     cpe:/a:redhat:openshift_service_on_aws:1
Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Red Hat Red Hat Service Interconnect 1     cpe:/a:redhat:service_interconnect:1
Red Hat Red Hat Service Interconnect 1     cpe:/a:redhat:service_interconnect:1
Red Hat Red Hat Service Interconnect 1     cpe:/a:redhat:service_interconnect:1
Red Hat Red Hat Storage 3     cpe:/a:redhat:storage:3
Red Hat Red Hat Trusted Artifact Signer     cpe:/a:redhat:trusted_artifact_signer:1
Red Hat streams for Apache Kafka     cpe:/a:redhat:amq_streams:1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9355",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T18:35:51.670441Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T18:37:53.436Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "rhc-worker-script",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.10-2.el7_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "go-toolset:rhel8",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020241001112709.a3795dee",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "grafana",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.2.10-20.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "grafana-pcp",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.1.1-9.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "golang",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.21.13-4.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "grafana",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.2.10-19.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "grafana-pcp",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.1.1-4.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:network_bound_disk_encryption_tang:1"
          ],
          "defaultStatus": "affected",
          "packageName": "tang-operator-bundle-container",
          "product": "NBDE Tang Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ocp_tools"
          ],
          "defaultStatus": "affected",
          "packageName": "helm",
          "product": "OpenShift Developer Tools and Services",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ocp_tools"
          ],
          "defaultStatus": "affected",
          "packageName": "odo",
          "product": "OpenShift Developer Tools and Services",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines-client",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:serverless:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-clients",
          "product": "OpenShift Serverless",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform"
          ],
          "defaultStatus": "affected",
          "packageName": "helm",
          "product": "Red Hat Ansible Automation Platform 1.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-clients",
          "product": "Red Hat Ansible Automation Platform 1.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-gateway-proxy",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "receptor",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "host-metering",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "skopeo",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8/buildah",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8/conmon",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8/containernetworking-plugins",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8/podman",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8/runc",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8/skopeo",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8/toolbox",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "git-lfs",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "osbuild-composer",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhc",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "rsyslog",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "weldr-client",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "butane",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "conmon",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "containernetworking-plugins",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "git-lfs",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "grafana-pcp",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "gvisor-tap-vsock",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "ignition",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "opentelemetry-collector",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "osbuild-composer",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rsyslog",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "runc",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "skopeo",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "toolbox",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "weldr-client",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "butane",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "conmon",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "conmon-rs",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "containernetworking-plugins",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-tools",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "golang-github-prometheus-promu",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "ignition",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "lifecycle-agent-operator-bundle-container",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "microshift",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/bare-metal-event-relay-operator-bundle",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/numaresources-operator-bundle",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-aws-efs-csi-driver-container-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-gcp-filestore-csi-driver-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-secrets-store-csi-driver-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-sriov-network-metrics-exporter-rhel9",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-sriov-rdma-cni-rhel9",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-vertical-pod-autoscaler-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/rdma-cni-rhel9",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/topology-aware-lifecycle-manager-operator-bundle",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-clients",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "ose-aws-ecr-image-credential-provider",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "ose-azure-acr-image-credential-provider",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "ose-gcp-gcr-image-credential-provider",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "runc",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "skopeo",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_container_storage:4"
          ],
          "defaultStatus": "affected",
          "packageName": "mcg",
          "product": "Red Hat Openshift Container Storage 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4"
          ],
          "defaultStatus": "affected",
          "packageName": "mcg",
          "product": "Red Hat Openshift Data Foundation 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_devspaces:3:"
          ],
          "defaultStatus": "affected",
          "packageName": "devspaces/machineexec-rhel8",
          "product": "Red Hat OpenShift Dev Spaces",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-gitops-1/gitops-operator-bundle",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_service_on_aws:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rosa",
          "product": "Red Hat OpenShift on AWS",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "kubevirt",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:16.2"
          ],
          "defaultStatus": "affected",
          "packageName": "etcd",
          "product": "Red Hat OpenStack Platform 16.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:16.2"
          ],
          "defaultStatus": "affected",
          "packageName": "golang-github-infrawatch-apputils",
          "product": "Red Hat OpenStack Platform 16.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:16.2"
          ],
          "defaultStatus": "affected",
          "packageName": "golang-qpid-apache",
          "product": "Red Hat OpenStack Platform 16.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:16.2"
          ],
          "defaultStatus": "affected",
          "packageName": "qpid-proton",
          "product": "Red Hat OpenStack Platform 16.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:17.1"
          ],
          "defaultStatus": "affected",
          "packageName": "etcd",
          "product": "Red Hat OpenStack Platform 17.1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:17.1"
          ],
          "defaultStatus": "affected",
          "packageName": "golang-github-infrawatch-apputils",
          "product": "Red Hat OpenStack Platform 17.1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:17.1"
          ],
          "defaultStatus": "affected",
          "packageName": "golang-qpid-apache",
          "product": "Red Hat OpenStack Platform 17.1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:17.1"
          ],
          "defaultStatus": "affected",
          "packageName": "qpid-proton",
          "product": "Red Hat OpenStack Platform 17.1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman_ygg_worker",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "qpid-proton",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "satellite-capsule:el8/qpid-proton",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "affected",
          "packageName": "satellite:el8/qpid-proton",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "affected",
          "packageName": "satellite:el8/yggdrasil-worker-forwarder",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "affected",
          "packageName": "yggdrasil",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "affected",
          "packageName": "yggdrasil-worker-forwarder",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1"
          ],
          "defaultStatus": "affected",
          "packageName": "qpid-proton",
          "product": "Red Hat Service Interconnect 1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1"
          ],
          "defaultStatus": "affected",
          "packageName": "skupper-cli",
          "product": "Red Hat Service Interconnect 1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1"
          ],
          "defaultStatus": "affected",
          "packageName": "skupper-router",
          "product": "Red Hat Service Interconnect 1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:storage:3"
          ],
          "defaultStatus": "affected",
          "packageName": "heketi",
          "product": "Red Hat Storage 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:trusted_artifact_signer:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhtas/fulcio-rhel9",
          "product": "Red Hat Trusted Artifact Signer",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:amq_streams:1"
          ],
          "defaultStatus": "affected",
          "packageName": "golang-github-danielqsj-kafka_exporter",
          "product": "streams for Apache Kafka",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by David Benoit (Red Hat)."
        }
      ],
      "datePublic": "2024-09-30T20:53:42.833000+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.\u00a0 It is also possible to force a derived key to be all zeros instead of an unpredictable value.\u00a0 This may have follow-on implications for the Go TLS stack."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-457",
              "description": "Use of Uninitialized Variable",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T16:10:54.979Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:10133",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10133"
        },
        {
          "name": "RHSA-2024:7502",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7502"
        },
        {
          "name": "RHSA-2024:7550",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7550"
        },
        {
          "name": "RHSA-2024:8327",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8327"
        },
        {
          "name": "RHSA-2024:8678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8678"
        },
        {
          "name": "RHSA-2024:8847",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8847"
        },
        {
          "name": "RHSA-2024:9551",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9551"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-9355"
        },
        {
          "name": "RHBZ#2315719",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315719"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-30T17:51:17.811000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-30T20:53:42.833000+00:00",
          "value": "Made public."
        }
      ],
      "title": "Golang-fips: golang fips zeroed buffer",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-9355",
    "datePublished": "2024-10-01T18:17:29.420Z",
    "dateReserved": "2024-09-30T17:07:30.833Z",
    "dateUpdated": "2024-12-10T16:10:54.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-4812
Vulnerability from cvelistv5
Published
2024-06-05 15:06
Modified
2024-08-04 16:39
Summary
Katello: potential cross-site scripting exploit in ui
References
https://access.redhat.com/security/cve/CVE-2024-4812vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2280187issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4812",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-13T20:16:42.915034Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-13T20:16:49.722Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:55:10.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-4812"
          },
          {
            "name": "RHBZ#2280187",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280187"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "affected",
          "packageName": "katello",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-06-05T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the \"Description\" field of a user. This code can be executed when opening certain pages, for example, Host Collections."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-04T16:39:16.461Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-4812"
        },
        {
          "name": "RHBZ#2280187",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280187"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-05-09T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-06-05T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Katello: potential cross-site scripting exploit in ui",
      "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-4812",
    "datePublished": "2024-06-05T15:06:13.886Z",
    "dateReserved": "2024-05-13T04:07:48.423Z",
    "dateUpdated": "2024-08-04T16:39:16.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-3874
Vulnerability from cvelistv5
Published
2023-09-22 13:56
Modified
2024-09-24 15:01
Summary
Os command injection via ct_command and fcct_command
References
https://access.redhat.com/security/cve/CVE-2022-3874vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2140577issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:20:58.805Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2022-3874"
          },
          {
            "name": "RHBZ#2140577",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140577"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3874",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T15:01:09.871782Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T15:01:27.145Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "foreman",
          "vendor": "n/a"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Andrew Danau (Onsec.io) and Evgeni Golov (Red Hat)."
        }
      ],
      "datePublic": "2023-04-19T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-22T13:56:54.314Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2022-3874"
        },
        {
          "name": "RHBZ#2140577",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140577"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2022-11-02T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-04-19T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Os command injection via ct_command and fcct_command",
      "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-3874",
    "datePublished": "2023-09-22T13:56:54.314Z",
    "dateReserved": "2022-11-07T10:05:50.045Z",
    "dateUpdated": "2024-09-24T15:01:27.145Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-1832
Vulnerability from cvelistv5
Published
2023-10-04 13:05
Modified
2024-09-19 14:42
Summary
Improper authorization check in the server component
References
https://access.redhat.com/security/cve/CVE-2023-1832vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2184364issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a candlepin-4.3.8
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:05:26.066Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-1832"
          },
          {
            "name": "RHBZ#2184364",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184364"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1832",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T14:42:10.869358Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T14:42:30.285Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "candlepin-4.3.7",
          "vendor": "n/a",
          "versions": [
            {
              "status": "unaffected",
              "version": "3"
            }
          ]
        },
        {
          "product": "candlepin-4.3.8",
          "vendor": "n/a",
          "versions": [
            {
              "status": "unaffected",
              "version": "1"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "affected",
          "packageName": "candlepin",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Nikolaos Moumoulidis (redhat) for reporting this issue."
        }
      ],
      "datePublic": "2023-08-14T09:23:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-04T13:05:37.522Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-1832"
        },
        {
          "name": "RHBZ#2184364",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184364"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-04-04T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-08-14T09:23:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Improper authorization check in the server component",
      "x_redhatCweChain": "CWE-284: Improper Access Control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-1832",
    "datePublished": "2023-10-04T13:05:37.522Z",
    "dateReserved": "2023-04-04T12:32:42.126Z",
    "dateUpdated": "2024-09-19T14:42:30.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7700
Vulnerability from cvelistv5
Published
2024-08-12 16:48
Modified
2024-09-27 16:27
Summary
Foreman: command injection in "host init config" template via "install packages" field on foreman
References
https://access.redhat.com/security/cve/CVE-2024-7700vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2304090issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7700",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T13:23:21.690797Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T13:23:34.117Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Markus Reisner (ATIX AG) for reporting this issue."
        }
      ],
      "datePublic": "2024-08-12T10:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A command injection flaw was found in the \"Host Init Config\" template in the Foreman application via the \"Install Packages\" field on the \"Register Host\" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-27T16:27:16.155Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7700"
        },
        {
          "name": "RHBZ#2304090",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304090"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-12T10:23:13.339000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-08-12T10:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Foreman: command injection in \"host init config\" template via \"install packages\" field on foreman",
      "x_redhatCweChain": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7700",
    "datePublished": "2024-08-12T16:48:54.120Z",
    "dateReserved": "2024-08-12T10:57:20.394Z",
    "dateUpdated": "2024-09-27T16:27:16.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}