Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-45808 (GCVE-0-2024-45808)
Vulnerability from cvelistv5 – Published: 2024-09-19 23:34 – Updated: 2024-09-20 17:25
VLAI
EPSS
Title
Malicious log injection via access logs in envoy
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/envoyproxy/envoy/security/advi… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy |
Affected:
>= 1.31.0, < 1.31.2
Affected: >= 1.30.0, < 1.30.6 Affected: >= 1.29.0, < 1.29.9 Affected: < 1.28.7 |
|
| envoyproxy | envoy |
Affected:
0 , < 1.28.7
(custom)
Affected: 1.29.0 , < 1.29.9 (custom) Affected: 1.30.0 , < 1.30.6 (custom) Affected: 1.31.0 , < 1.31.2 (custom) cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"lessThan": "1.28.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "1.29.9",
"status": "affected",
"version": "1.29.0",
"versionType": "custom"
},
{
"lessThan": "1.30.6",
"status": "affected",
"version": "1.30.0",
"versionType": "custom"
},
{
"lessThan": "1.31.2",
"status": "affected",
"version": "1.31.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45808",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:23:51.509637Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:25:17.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.31.0, \u003c 1.31.2"
},
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c 1.30.6"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.9"
},
{
"status": "affected",
"version": "\u003c 1.28.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117: Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T23:34:26.714Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc"
}
],
"source": {
"advisory": "GHSA-p222-xhp9-39rc",
"discovery": "UNKNOWN"
},
"title": "Malicious log injection via access logs in envoy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45808",
"datePublished": "2024-09-19T23:34:26.714Z",
"dateReserved": "2024-09-09T14:23:07.504Z",
"dateUpdated": "2024-09-20T17:25:17.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-45808",
"date": "2026-06-17",
"epss": "0.00358",
"percentile": "0.27507"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.28.7\", \"matchCriteriaId\": \"C5E423BE-4022-47AB-A5D4-B218627517DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.29.0\", \"versionEndExcluding\": \"1.29.9\", \"matchCriteriaId\": \"E442EF13-A99D-42B9-BC76-AC398C32D132\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.30.0\", \"versionEndExcluding\": \"1.30.6\", \"matchCriteriaId\": \"D9685C62-CFE4-43C5-B0C2-1C6722FB4F64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.31.0\", \"versionEndExcluding\": \"1.31.2\", \"matchCriteriaId\": \"C765FFC0-2FF7-4318-A347-2AFCAD0E7C74\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Envoy es un proxy de servicio, de borde y de medio alcance de alto rendimiento nativo de la nube. Se identific\\u00f3 una vulnerabilidad en Envoy que permite a atacantes maliciosos inyectar contenido inesperado en los registros de acceso. Esto se logra explotando la falta de validaci\\u00f3n del campo `REQUESTED_SERVER_NAME` para los registradores de acceso. Este problema se solucion\\u00f3 en las versiones 1.31.2, 1.30.6, 1.29.9 y 1.28.7. Se recomienda a los usuarios que actualicen la versi\\u00f3n. No existen workarounds conocidas para esta vulnerabilidad.\"}]",
"id": "CVE-2024-45808",
"lastModified": "2024-09-25T17:18:38.823",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}]}",
"published": "2024-09-20T00:15:02.733",
"references": "[{\"url\": \"https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-117\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-116\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-45808\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-09-20T00:15:02.733\",\"lastModified\":\"2024-09-25T17:18:38.823\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Envoy es un proxy de servicio, de borde y de medio alcance de alto rendimiento nativo de la nube. Se identific\u00f3 una vulnerabilidad en Envoy que permite a atacantes maliciosos inyectar contenido inesperado en los registros de acceso. Esto se logra explotando la falta de validaci\u00f3n del campo `REQUESTED_SERVER_NAME` para los registradores de acceso. Este problema se solucion\u00f3 en las versiones 1.31.2, 1.30.6, 1.29.9 y 1.28.7. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidas para esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-117\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.28.7\",\"matchCriteriaId\":\"C5E423BE-4022-47AB-A5D4-B218627517DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.29.0\",\"versionEndExcluding\":\"1.29.9\",\"matchCriteriaId\":\"E442EF13-A99D-42B9-BC76-AC398C32D132\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.30.0\",\"versionEndExcluding\":\"1.30.6\",\"matchCriteriaId\":\"D9685C62-CFE4-43C5-B0C2-1C6722FB4F64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.31.0\",\"versionEndExcluding\":\"1.31.2\",\"matchCriteriaId\":\"C765FFC0-2FF7-4318-A347-2AFCAD0E7C74\"}]}]}],\"references\":[{\"url\":\"https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"Malicious log injection via access logs in envoy\", \"source\": {\"advisory\": \"GHSA-p222-xhp9-39rc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"envoyproxy\", \"product\": \"envoy\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.31.0, \u003c 1.31.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.30.0, \u003c 1.30.6\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.29.0, \u003c 1.29.9\"}, {\"status\": \"affected\", \"version\": \"\u003c 1.28.7\"}]}], \"references\": [{\"url\": \"https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc\", \"name\": \"https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-117\", \"description\": \"CWE-117: Improper Output Neutralization for Logs\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-09-19T23:34:26.714Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45808\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-20T17:23:51.509637Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\"], \"vendor\": \"envoyproxy\", \"product\": \"envoy\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.28.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.29.0\", \"lessThan\": \"1.29.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.30.0\", \"lessThan\": \"1.30.6\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.31.0\", \"lessThan\": \"1.31.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2024-09-20T17:25:13.264Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2024-45808\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-19T23:34:26.714Z\", \"dateReserved\": \"2024-09-09T14:23:07.504Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-09-19T23:34:26.714Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
bit-envoy-2024-45808
Vulnerability from bitnami_vulndb
Published
2024-09-21 07:10
Modified
2025-05-20 10:02
Summary
Malicious log injection via access logs in envoy
Details
Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the REQUESTED_SERVER_NAME field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "envoy",
"purl": "pkg:bitnami/envoy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.28.7"
},
{
"introduced": "1.29.0"
},
{
"fixed": "1.29.9"
},
{
"introduced": "1.30.0"
},
{
"fixed": "1.30.6"
},
{
"introduced": "1.31.0"
},
{
"fixed": "1.31.2"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2024-45808"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": "Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"id": "BIT-envoy-2024-45808",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2024-09-21T07:10:31.256Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45808"
}
],
"schema_version": "1.5.0",
"summary": "Malicious log injection via access logs in envoy"
}
FKIE_CVE-2024-45808
Vulnerability from fkie_nvd - Published: 2024-09-20 00:15 - Updated: 2026-06-17 07:54
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"affected": [
{
"affectedData": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.31.0, \u003c 1.31.2"
},
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c 1.30.6"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.9"
},
{
"status": "affected",
"version": "\u003c 1.28.7"
}
]
}
],
"source": "security-advisories@github.com"
},
{
"affectedData": [
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"lessThan": "1.28.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "1.29.9",
"status": "affected",
"version": "1.29.0",
"versionType": "custom"
},
{
"lessThan": "1.30.6",
"status": "affected",
"version": "1.30.0",
"versionType": "custom"
},
{
"lessThan": "1.31.2",
"status": "affected",
"version": "1.31.0",
"versionType": "custom"
}
]
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E423BE-4022-47AB-A5D4-B218627517DD",
"versionEndExcluding": "1.28.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E442EF13-A99D-42B9-BC76-AC398C32D132",
"versionEndExcluding": "1.29.9",
"versionStartIncluding": "1.29.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9685C62-CFE4-43C5-B0C2-1C6722FB4F64",
"versionEndExcluding": "1.30.6",
"versionStartIncluding": "1.30.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C765FFC0-2FF7-4318-A347-2AFCAD0E7C74",
"versionEndExcluding": "1.31.2",
"versionStartIncluding": "1.31.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio, de borde y de medio alcance de alto rendimiento nativo de la nube. Se identific\u00f3 una vulnerabilidad en Envoy que permite a atacantes maliciosos inyectar contenido inesperado en los registros de acceso. Esto se logra explotando la falta de validaci\u00f3n del campo `REQUESTED_SERVER_NAME` para los registradores de acceso. Este problema se solucion\u00f3 en las versiones 1.31.2, 1.30.6, 1.29.9 y 1.28.7. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidas para esta vulnerabilidad."
}
],
"id": "CVE-2024-45808",
"lastModified": "2026-06-17T07:54:51.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2024-45808",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:23:51.509637Z",
"version": "2.0.3"
}
}
]
},
"published": "2024-09-20T00:15:02.733",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-117"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
RHSA-2024:7726
Vulnerability from csaf_redhat - Published: 2024-10-07 09:24 - Updated: 2026-06-02 15:13Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.2
Severity
Important
Notes
Topic: Red Hat OpenShift Service Mesh Containers for 2.6.2
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)
* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)
* express: Improper Input Handling in Express Redirects (CVE-2024-43796)
* path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296)
* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule
(CVE-2024-43788)
* body-parser: Denial of Service Vulnerability in body-parser (CVE-2024-45590)
* envoy: Malicious log injection via access logs (CVE-2024-45808)
* envoy: Potential to manipulate `x-envoy` headers from external sources (CVE-2024-45806)
* envoy: Envoy crashes for `LocalReply` in HTTP async client (CVE-2024-45810)
* curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)
* envoy: Potential to manipulate `x-envoy` headers from external sources (CVE-2024-45806)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.
5.3 (Medium)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.
6.1 (Medium)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.
5.0 (Medium)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.
5.0 (Medium)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().
5.0 (Medium)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).
5.3 (Medium)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.
7.5 (High)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in Envoy that allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty. The default configuration of Envoy will continue to trust internal addresses while in this release and it will not trust them by default in next release. If you have tooling such as probes on your private network which need to be treated as trusted such as changing arbitrary x-envoy headers, please explicitly include those addresses or CIDR ranges into `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio.
7.4 (High)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in envoy. Affected versions of envoy may allow malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers.
6.5 (Medium)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Envoy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstances, such as websocket upgrade and requests mirroring. The http async client will crash during the `sendLocalReply()` in http async client if the http async client is duplicating the status code or if the destruction of the router is called at the destructor of the async stream while the stream is deferred or deleted. This issue occurs when the stream decoder is destroyed but it's reference is called in `router.onDestroy()`, causing a segment fault. This will impact ext_authz if the `upgrade` and `connection` header are allowed.
7.5 (High)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
76 references
Acknowledgments
Mike Whale
Red Hat
James Force
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh Containers for 2.6.2\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)\n* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)\n* express: Improper Input Handling in Express Redirects (CVE-2024-43796)\n* path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296)\n* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule\n(CVE-2024-43788)\n* body-parser: Denial of Service Vulnerability in body-parser (CVE-2024-45590)\n* envoy: Malicious log injection via access logs (CVE-2024-45808)\n* envoy: Potential to manipulate `x-envoy` headers from external sources (CVE-2024-45806)\n* envoy: Envoy crashes for `LocalReply` in HTTP async client (CVE-2024-45810)\n* curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)\n* envoy: Potential to manipulate `x-envoy` headers from external sources (CVE-2024-45806)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7726",
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2301888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301888"
},
{
"category": "external",
"summary": "2308193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193"
},
{
"category": "external",
"summary": "2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "2311152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
},
{
"category": "external",
"summary": "2311153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
},
{
"category": "external",
"summary": "2311154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
},
{
"category": "external",
"summary": "2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "2313683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313683"
},
{
"category": "external",
"summary": "2313685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313685"
},
{
"category": "external",
"summary": "2313687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313687"
},
{
"category": "external",
"summary": "OSSM-3337",
"url": "https://issues.redhat.com/browse/OSSM-3337"
},
{
"category": "external",
"summary": "OSSM-8001",
"url": "https://issues.redhat.com/browse/OSSM-8001"
},
{
"category": "external",
"summary": "OSSM-8099",
"url": "https://issues.redhat.com/browse/OSSM-8099"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7726.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.2",
"tracking": {
"current_release_date": "2026-06-02T15:13:46+00:00",
"generator": {
"date": "2026-06-02T15:13:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:7726",
"initial_release_date": "2024-10-07T09:24:48+00:00",
"revision_history": [
{
"date": "2024-10-07T09:24:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-07T09:24:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:13:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.6 for RHEL 8",
"product": {
"name": "RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el8"
}
}
},
{
"category": "product_name",
"name": "RHOSSM 2.6 for RHEL 9",
"product": {
"name": "RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.2-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.2-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.2-3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.2-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.2-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.2-3"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.2-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.2-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.2-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.2-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.2-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.2-3"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-7264",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T04:33:09+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301888"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libcurl, where libcurl\u0027s ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: libcurl: ASN.1 date parser overread",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability is classified as low severity because it primarily results in a heap buffer over-read rather than a direct memory corruption or code execution risk. Since the ASN.1 parsing occurs after a successful TLS handshake, the malformed certificate must first bypass the TLS library\u0027s validation, which significantly reduces the likelihood of exploitation. \n\nAdditionally, the impact is limited to a potential crash or unintended heap data exposure through CURLINFO_CERTINFO, but not arbitrary code execution. The requirement for a specific TLS backend configuration and the controlled nature of the memory read further minimize its exploitability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-7264"
},
{
"category": "external",
"summary": "RHBZ#2301888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL"
}
],
"release_date": "2024-07-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nRed Hat build of curl uses OpenSSL, which is not included in the affected list of GnuTLS, Schannel, Secure Transport and mbedTLS. Inspect which TLS backend is in use by running:\n\n$ curl --version\n\nCheck the reference for curl handled by the maintainers which may contain more relevant information around this vulnerability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: libcurl: ASN.1 date parser overread"
},
{
"cve": "CVE-2024-43788",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-08-27T17:20:06.890123+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2308193"
}
],
"notes": [
{
"category": "description",
"text": "A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this issue is classified as moderate rather than important due to the specific conditions required for exploitation. DOM Clobbering, while serious, can only be leveraged in environments where an attacker has the ability to inject unsanitized HTML attributes (e.g., `name` or `id`) into a web page. This limits the attack surface to applications that improperly sanitize user input and rely on Webpack-generated files. Furthermore, the exploitation depends on existing vulnerabilities in the sanitization process, rather than the direct execution of arbitrary scripts. As a result, while the issue can lead to XSS, its impact is constrained by the contextual requirement of HTML injection, lowering its overall severity compared to more direct XSS vectors.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43788"
},
{
"category": "external",
"summary": "RHBZ#2308193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61",
"url": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
"url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986"
},
{
"category": "external",
"summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
"url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering"
},
{
"category": "external",
"summary": "https://scnps.co/papers/sp23_domclob.pdf",
"url": "https://scnps.co/papers/sp23_domclob.pdf"
}
],
"release_date": "2024-08-27T17:15:07.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule"
},
{
"cve": "CVE-2024-43796",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:28.106254+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: Improper Input Handling in Express Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43796"
},
{
"category": "external",
"summary": "RHBZ#2311152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553",
"url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx",
"url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx"
}
],
"release_date": "2024-09-10T15:15:17.510000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: Improper Input Handling in Express Redirects"
},
{
"cve": "CVE-2024-43799",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:30.869487+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311153"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "send: Code Execution Vulnerability in Send Library",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43799"
},
{
"category": "external",
"summary": "RHBZ#2311153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
"url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
"url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
}
],
"release_date": "2024-09-10T15:15:17.727000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "send: Code Execution Vulnerability in Send Library"
},
{
"cve": "CVE-2024-43800",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:33.631718+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "serve-static: Improper Sanitization in serve-static",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "rhdh-hub-container 1.2 and 1.3 have included patches for this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43800"
},
{
"category": "external",
"summary": "RHBZ#2311154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b",
"url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa",
"url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p",
"url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p"
}
],
"release_date": "2024-09-10T15:15:17.937000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "serve-static: Improper Sanitization in serve-static"
},
{
"cve": "CVE-2024-45296",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-09T19:20:18.127723+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: Backtracking regular expressions cause ReDoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "RHBZ#2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
}
],
"release_date": "2024-09-09T19:15:13.330000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
},
{
"cve": "CVE-2024-45590",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2024-09-10T16:20:29.292154+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "body-parser: Denial of Service Vulnerability in body-parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "RHBZ#2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
}
],
"release_date": "2024-09-10T16:15:21.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "body-parser: Denial of Service Vulnerability in body-parser"
},
{
"acknowledgments": [
{
"names": [
"Mike Whale"
]
},
{
"names": [
"James Force"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2024-45806",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2024-09-20T00:40:20.976812+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313683"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Envoy that allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy\u0027s default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty. The default configuration of Envoy will continue to trust internal addresses while in this release and it will not trust them by default in next release. If you have tooling such as probes on your private network which need to be treated as trusted such as changing arbitrary x-envoy headers, please explicitly include those addresses or CIDR ranges into `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Potential to manipulate `x-envoy` headers from external sources",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat\u0027s CVSS score and impact are specific to our product and may not match those of upstream. This is due to how envoy is configured and used within our OpenShift Service Mesh product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45806"
},
{
"category": "external",
"summary": "RHBZ#2313683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313683"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45806"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf"
}
],
"release_date": "2024-09-20T00:15:02.293000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by configuring envoy to treat all IPs as external. This is done by setting the internal_address_config range for envoy to `0.0.0.0/32`.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Potential to manipulate `x-envoy` headers from external sources"
},
{
"cve": "CVE-2024-45808",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2024-09-20T00:40:26.266584+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313685"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. Affected versions of envoy may allow malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Malicious log injection via access logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in Envoy that allows attackers to inject unexpected content into access logs is classified as moderate severity rather than important because the impact is primarily related to log integrity rather than direct exploitation of the system or data breaches, which lowers the overall risk profile. While log tampering can lead to misleading information, it does not directly compromise the application\u2019s functionality or security boundaries. Additionally, the attack requires specific conditions to succeed, relying on the lack of validation for the `REQUESTED_SERVER_NAME` field, which may not be present in all configurations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45808"
},
{
"category": "external",
"summary": "RHBZ#2313685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313685"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45808"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc"
}
],
"release_date": "2024-09-20T00:15:02.733000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Malicious log injection via access logs"
},
{
"cve": "CVE-2024-45810",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-20T00:40:31.483825+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313687"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Envoy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstances, such as websocket upgrade and requests mirroring. The http async client will crash during the `sendLocalReply()` in http async client if the http async client is duplicating the status code or if the destruction of the router is called at the destructor of the async stream while the stream is deferred or deleted. This issue occurs when the stream decoder is destroyed but it\u0027s reference is called in `router.onDestroy()`, causing a segment fault. This will impact ext_authz if the `upgrade` and `connection` header are allowed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Envoy crashes for `LocalReply` in HTTP async client",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in Envoy related to the HTTP async client crashing during `sendLocalReply()` is classified as moderate severity rather than important due to the crash is contingent on particular scenarios, such as websocket upgrades and request mirroring, which may not be common in all deployments. Additionally, while the segmentation fault can disrupt service, it does not compromise data integrity or expose sensitive information.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45810"
},
{
"category": "external",
"summary": "RHBZ#2313687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45810"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-qm74-x36m-555q",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-qm74-x36m-555q"
}
],
"release_date": "2024-09-20T00:15:03.153000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Envoy crashes for `LocalReply` in HTTP async client"
}
]
}
RHSA-2024_7726
Vulnerability from csaf_redhat - Published: 2024-10-07 09:24 - Updated: 2024-12-18 04:38Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.2
Severity
Important
Notes
Topic: Red Hat OpenShift Service Mesh Containers for 2.6.2
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)
* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)
* express: Improper Input Handling in Express Redirects (CVE-2024-43796)
* path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296)
* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule
(CVE-2024-43788)
* body-parser: Denial of Service Vulnerability in body-parser (CVE-2024-45590)
* envoy: Malicious log injection via access logs (CVE-2024-45808)
* envoy: Potential to manipulate `x-envoy` headers from external sources (CVE-2024-45806)
* envoy: Envoy crashes for `LocalReply` in HTTP async client (CVE-2024-45810)
* curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)
* envoy: Potential to manipulate `x-envoy` headers from external sources (CVE-2024-45806)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.
5.3 (Medium)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.
6.1 (Medium)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.
5.0 (Medium)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.
5.0 (Medium)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().
5.0 (Medium)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).
5.3 (Medium)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.
7.5 (High)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in Envoy that allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty. The default configuration of Envoy will continue to trust internal addresses while in this release and it will not trust them by default in next release. If you have tooling such as probes on your private network which need to be treated as trusted such as changing arbitrary x-envoy headers, please explicitly include those addresses or CIDR ranges into `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio.
7.4 (High)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in envoy. Affected versions of envoy may allow malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers.
6.5 (Medium)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Envoy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstances, such as websocket upgrade and requests mirroring. The http async client will crash during the `sendLocalReply()` in http async client if the http async client is duplicating the status code or if the destruction of the router is called at the destructor of the async stream while the stream is deferred or deleted. This issue occurs when the stream decoder is destroyed but it's reference is called in `router.onDestroy()`, causing a segment fault. This will impact ext_authz if the `upgrade` and `connection` header are allowed.
7.5 (High)
Affected products
Fixed
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
76 references
Acknowledgments
Mike Whale
Red Hat
James Force
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh Containers for 2.6.2\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)\n* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)\n* express: Improper Input Handling in Express Redirects (CVE-2024-43796)\n* path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296)\n* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule\n(CVE-2024-43788)\n* body-parser: Denial of Service Vulnerability in body-parser (CVE-2024-45590)\n* envoy: Malicious log injection via access logs (CVE-2024-45808)\n* envoy: Potential to manipulate `x-envoy` headers from external sources (CVE-2024-45806)\n* envoy: Envoy crashes for `LocalReply` in HTTP async client (CVE-2024-45810)\n* curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)\n* envoy: Potential to manipulate `x-envoy` headers from external sources (CVE-2024-45806)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7726",
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2301888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301888"
},
{
"category": "external",
"summary": "2308193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193"
},
{
"category": "external",
"summary": "2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "2311152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
},
{
"category": "external",
"summary": "2311153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
},
{
"category": "external",
"summary": "2311154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
},
{
"category": "external",
"summary": "2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "2313683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313683"
},
{
"category": "external",
"summary": "2313685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313685"
},
{
"category": "external",
"summary": "2313687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313687"
},
{
"category": "external",
"summary": "OSSM-3337",
"url": "https://issues.redhat.com/browse/OSSM-3337"
},
{
"category": "external",
"summary": "OSSM-8001",
"url": "https://issues.redhat.com/browse/OSSM-8001"
},
{
"category": "external",
"summary": "OSSM-8099",
"url": "https://issues.redhat.com/browse/OSSM-8099"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7726.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.2",
"tracking": {
"current_release_date": "2024-12-18T04:38:31+00:00",
"generator": {
"date": "2024-12-18T04:38:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:7726",
"initial_release_date": "2024-10-07T09:24:48+00:00",
"revision_history": [
{
"date": "2024-10-07T09:24:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-07T09:24:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T04:38:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.6 for RHEL 8",
"product": {
"name": "RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el8"
}
}
},
{
"category": "product_name",
"name": "RHOSSM 2.6 for RHEL 9",
"product": {
"name": "RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.2-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.2-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.2-3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.2-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.2-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.2-3"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.2-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.2-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.2-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.2-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.2-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.2-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.2-3"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64 as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64 as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-7264",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T04:33:09+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301888"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libcurl, where libcurl\u0027s ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: libcurl: ASN.1 date parser overread",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-7264"
},
{
"category": "external",
"summary": "RHBZ#2301888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL"
}
],
"release_date": "2024-07-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: libcurl: ASN.1 date parser overread"
},
{
"cve": "CVE-2024-43788",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-08-27T17:20:06.890123+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2308193"
}
],
"notes": [
{
"category": "description",
"text": "A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this issue is classified as moderate rather than important due to the specific conditions required for exploitation. DOM Clobbering, while serious, can only be leveraged in environments where an attacker has the ability to inject unsanitized HTML attributes (e.g., `name` or `id`) into a web page. This limits the attack surface to applications that improperly sanitize user input and rely on Webpack-generated files. Furthermore, the exploitation depends on existing vulnerabilities in the sanitization process, rather than the direct execution of arbitrary scripts. As a result, while the issue can lead to XSS, its impact is constrained by the contextual requirement of HTML injection, lowering its overall severity compared to more direct XSS vectors.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43788"
},
{
"category": "external",
"summary": "RHBZ#2308193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61",
"url": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
"url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986"
},
{
"category": "external",
"summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
"url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering"
},
{
"category": "external",
"summary": "https://scnps.co/papers/sp23_domclob.pdf",
"url": "https://scnps.co/papers/sp23_domclob.pdf"
}
],
"release_date": "2024-08-27T17:15:07.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule"
},
{
"cve": "CVE-2024-43796",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:28.106254+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: Improper Input Handling in Express Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43796"
},
{
"category": "external",
"summary": "RHBZ#2311152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553",
"url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx",
"url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx"
}
],
"release_date": "2024-09-10T15:15:17.510000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: Improper Input Handling in Express Redirects"
},
{
"cve": "CVE-2024-43799",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:30.869487+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311153"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "send: Code Execution Vulnerability in Send Library",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43799"
},
{
"category": "external",
"summary": "RHBZ#2311153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
"url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
"url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
}
],
"release_date": "2024-09-10T15:15:17.727000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "send: Code Execution Vulnerability in Send Library"
},
{
"cve": "CVE-2024-43800",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:33.631718+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "serve-static: Improper Sanitization in serve-static",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43800"
},
{
"category": "external",
"summary": "RHBZ#2311154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b",
"url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa",
"url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p",
"url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p"
}
],
"release_date": "2024-09-10T15:15:17.937000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "serve-static: Improper Sanitization in serve-static"
},
{
"cve": "CVE-2024-45296",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-09T19:20:18.127723+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: Backtracking regular expressions cause ReDoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "RHBZ#2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
}
],
"release_date": "2024-09-09T19:15:13.330000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
},
{
"cve": "CVE-2024-45590",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2024-09-10T16:20:29.292154+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "body-parser: Denial of Service Vulnerability in body-parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "RHBZ#2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
}
],
"release_date": "2024-09-10T16:15:21.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "body-parser: Denial of Service Vulnerability in body-parser"
},
{
"acknowledgments": [
{
"names": [
"Mike Whale"
]
},
{
"names": [
"James Force"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2024-45806",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2024-09-20T00:40:20.976812+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313683"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Envoy that allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy\u0027s default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty. The default configuration of Envoy will continue to trust internal addresses while in this release and it will not trust them by default in next release. If you have tooling such as probes on your private network which need to be treated as trusted such as changing arbitrary x-envoy headers, please explicitly include those addresses or CIDR ranges into `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Potential to manipulate `x-envoy` headers from external sources",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat\u0027s CVSS score and impact are specific to our product and may not match those of upstream. This is due to how envoy is configured and used within our OpenShift Service Mesh product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45806"
},
{
"category": "external",
"summary": "RHBZ#2313683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313683"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45806"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf"
}
],
"release_date": "2024-09-20T00:15:02.293000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by configuring envoy to treat all IPs as external. This is done by setting the internal_address_config range for envoy to `0.0.0.0/32`.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Potential to manipulate `x-envoy` headers from external sources"
},
{
"cve": "CVE-2024-45808",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2024-09-20T00:40:26.266584+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313685"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. Affected versions of envoy may allow malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Malicious log injection via access logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in Envoy that allows attackers to inject unexpected content into access logs is classified as moderate severity rather than important because the impact is primarily related to log integrity rather than direct exploitation of the system or data breaches, which lowers the overall risk profile. While log tampering can lead to misleading information, it does not directly compromise the application\u2019s functionality or security boundaries. Additionally, the attack requires specific conditions to succeed, relying on the lack of validation for the `REQUESTED_SERVER_NAME` field, which may not be present in all configurations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45808"
},
{
"category": "external",
"summary": "RHBZ#2313685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313685"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45808"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc"
}
],
"release_date": "2024-09-20T00:15:02.733000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Malicious log injection via access logs"
},
{
"cve": "CVE-2024-45810",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-20T00:40:31.483825+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313687"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Envoy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstances, such as websocket upgrade and requests mirroring. The http async client will crash during the `sendLocalReply()` in http async client if the http async client is duplicating the status code or if the destruction of the router is called at the destructor of the async stream while the stream is deferred or deleted. This issue occurs when the stream decoder is destroyed but it\u0027s reference is called in `router.onDestroy()`, causing a segment fault. This will impact ext_authz if the `upgrade` and `connection` header are allowed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Envoy crashes for `LocalReply` in HTTP async client",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in Envoy related to the HTTP async client crashing during `sendLocalReply()` is classified as moderate severity rather than important due to the crash is contingent on particular scenarios, such as websocket upgrades and request mirroring, which may not be common in all deployments. Additionally, while the segmentation fault can disrupt service, it does not compromise data integrity or expose sensitive information.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45810"
},
{
"category": "external",
"summary": "RHBZ#2313687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45810"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-qm74-x36m-555q",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-qm74-x36m-555q"
}
],
"release_date": "2024-09-20T00:15:03.153000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T09:24:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:239b42c643b37c7aa7de38e9eeb00222e9dcc8e96b845307c73ecb48ec8f6175_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:26d5dec1bf366dac99df61dd31cf8a6a6937b4e81d1d61a3b3b57e7bf8ee3375_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:58760b14fd38690a490f7a5ea01e44c5ceee193324488ed4016203c042f88e7b_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:a50a14787a8765c1c9da772d58d08138cacb29ba41e32bc3f5c0ff9b8452d40b_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:3c5142ebe3cb9c77b67c29fd7a6fb6b5176ace9833f69aaebec658b4ca8232ad_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b72249b5326e4606f53a0130f099ccb636241de275891f98e0a622c8db1a4c9c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:c5562019a94ccaa070d4c2107b992847ecfdee49c1f4dd3043e3c20307b74112_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:fb11daf6c17ea22d9b80af3f2b48807a00e73a347e081f046beb5707923ea976_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:32d02294f6c3ed5ee704852afb31a98777eeae19fa48f2cfbfa0aa17701eb025_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:7a69b6ecf90b9be263edfca0ffa4f40cb8c076f7472559efb09a83a48da92de5_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:92965aba07c6c3ae594fa30f72b47692b9692639f47882d3a29b1fe3938f1325_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c00a763b4b037c92378363a29e55c057fd1ae5e7efaded6ca6e53c4be1c13404_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:231e044e7f872d658114881aab776604e583d2b8da0448a2272ffd15c711db3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3c87f98e0b065af6bd93090edaa2187218dbed286f712a56daefad5a2bd124ae_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bd7006b966f6d367bc1814750c1465f7ffb9e39fc2fb7d3607d11dabc77115d6_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:cf746daf197865ecb846af2475fcea56c0555c8bdafb7864d4718f1da3d872dc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:2050b64b6d66ba3c4a068311ab1737219c318ec4f9e4b07cc33fecf47c3b6795_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:276689457eada53dacecf65a92bf64a7535add94c728b165771bc27e3b10009c_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:29cf0230854ac71bb01095db0b07783bac74d12b4164d263bd66f1d225fb48bd_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:d6ae2eb93558b129b0051980ff73e0e09d41763eb29c2564a28a60281d9f59c7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:5c6810907b68548ca4d79b6d07e9b936ce74e4efbd2e39e225793bce1d15e1d9_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:7a35294bd4d2a4f9d2fbc3ac1f24e8aef5aa0a84c2780c275348c77df68f5a32_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:80ad09921b68b246a30bcfebef670cac228e5b8e0a7db63c0462e09a518d68ec_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:b28f8f238dfa4dc4590fe326ef1c0db17238dda3640a0e9fdf8fb93a69b4e0c3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37bb32758dbda228f036d2b0cb3cf7010926334f9ebc82bebf0cac5c397c9bd3_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:4223dcfd7630709f2841b220281120cc6010548d8e59e27cebdf304f16fcf3ac_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:acab16ff4de53601dd13971b5165f5ca6ba68345be9a2135469e246d385243cc_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:ce49c56b67a541d00a985c7e7da4a8d36d968f93bafd5d037586476c3583f9d8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:03e25e6be5dd9909f4917494c282eaa888bcb3e2a1b6fdb6e819be8bfcde3578_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:871eff21377954f22da7aded97f65dbb1d9ed8cfdd33c29b790609e36b0bdeec_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:931c5faa35bc2200fa595ea418e861c6ca8c8bcda34821aa0592565c7873415a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:a99e9d30ac8b5767b7eb95c3183f8dde99130ce5441928da1082a4e48108715b_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:40e075e75225da1082774c0ec33b314b9659d27e36fb698726d466a7be0e63f3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8e103924f51e6697e0a6890e9aaafd9b48e1fef7a8300badcac6bb0220807794_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:a224fe00e59b8e7c85d479bc3962e81ba274ef3be4b2aee55e56534f4d03aa32_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:c4fcdfa308b9995044e0daab35916b3e85dc94dd30131a9410652dcf23e8e27f_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:11e2e2f3a3b26a9d79573277c6f38d06f6906bdda547556fe92eee57a89fe86e_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:19b29793f5615cd360e83e736471175db4dc205ae33f3914b28d41502036e655_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:56cdb7f7540a76bf10235d4c3048ef99d8d8602b8420f16a03ef7d446c18df87_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:cdfee2e141fa6559a6c64373177a4a666e39052add4498b880c08c496e25109e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Envoy crashes for `LocalReply` in HTTP async client"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…